Microsoft SharePoint Servers Targeted by China-Linked Hackers in Large-Scale Cyberattack

Microsoft is facing a significant cybersecurity challenge after China-linked hackers exploited vulnerabilities in on-premises SharePoint servers, targeting hundreds of organizations worldwide, Arab News reported. The attacks, revealed by Dutch startup Eye Security, compromised over 400 computer systems, including those of government agencies in Europe, the Middle East, and the United States, with reports indicating that the US nuclear weapons agency was among those affected.
The hackers exploited flaws enabling them to steal credentials and access SharePoint servers hosted on users’ premises. Microsoft confirmed the vulnerability and promptly released patches to safeguard systems, emphasizing that cloud-based SharePoint services were not impacted. Cybersecurity firm Palo Alto Networks warned that sectors such as government, education, healthcare, and large enterprises remain at immediate risk.
Microsoft attributes the attacks to Chinese state-backed groups, including Linen Typhoon, Violet Typhoon, and Storm-2603. The Typhoon groups have a long history of cyber espionage and intellectual property theft. The motives of Storm-2603 remain less clear. Microsoft continues investigations into other potential threat actors exploiting these vulnerabilities.
This incident follows previous attacks on Microsoft software, such as the 2021 Silk Typhoon breach of Exchange servers. Experts highlight that Microsoft’s widespread software use makes its customers prime targets for cybercriminals, underscoring the importance of timely security updates.