Chinese-linked hackers breach US agencies via Microsoft SharePoint flaw: Details

A significant cyber espionage effort has emerged, involving three groups associated with China, which have managed to infiltrate various organizations worldwide, including several U.S. government agencies. This hacking operation takes advantage of critical vulnerabilities found in Microsoft’s SharePoint server software, prompting immediate investigations by federal authorities and cybersecurity experts, as reported by Politico. Microsoft has identified the involved threat actors as Violet Typhoon, Linen Typhoon, and Storm-2603, all of which are believed to have ties to state-sponsored cyber activities focused on Western targets. According to two anonymous U.S. officials, at least four to five federal agencies have been impacted, although the complete extent of the breach is still being assessed. As of Monday, it has been confirmed that more than one agency has been compromised. The attackers are leveraging a serious flaw in the on-premises versions of Microsoft SharePoint, a collaborative tool widely used in both government and corporate environments. Microsoft has clarified that the cloud-hosted versions are not affected by this vulnerability. In response to the breach detected over the weekend, federal cybersecurity teams and private analysts have mobilized to limit the fallout. Microsoft emphasized the necessity for organizations to update their software promptly, as the threat actors are likely to continue exploiting unpatched systems. The tech giant is collaborating closely with the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Cyber Defence Command of the Department of Defense, and international cybersecurity partners to address the ongoing threat. A spokesperson from CISA remarked that Microsoft has been 'responding quickly' since the agency first raised concerns about the situation. This incident is part of a troubling trend of high-profile cybersecurity breaches involving Microsoft and suspected Chinese hackers. Earlier this year, individuals linked to China allegedly accessed the email accounts of the U.S. ambassador to China and the U.S. Commerce Secretary by exploiting a series of Microsoft security vulnerabilities, which were later criticized in a federal review. Recently, the Pentagon revealed plans to reevaluate all its cloud services following reports that Chinese engineers had been providing technical assistance for sensitive U.S. military systems.