Microsoft says Chinese hacking groups exploited SharePoint vulnerability in attacks

Microsoft has disclosed that Chinese hacking groups have been actively involved in recent attacks on its SharePoint collaboration platform. According to a blog post from the company, state-sponsored actors known as Linen Typhoon and Violet Typhoon have been attempting to exploit a specific vulnerability since July 7. Additionally, a China-based group identified as Storm-2603 has also been implicated in these activities. Cybersecurity expert Charles Carmakal, the technology chief at Mandiant, a firm owned by Google, indicated in a LinkedIn update that they believe at least one of the groups responsible for the initial exploitation is linked to Chinese interests. This acknowledgment came shortly after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced its awareness of ongoing exploitation of the vulnerability. In response to these threats, Microsoft has released patches for two versions of its on-premises SharePoint software, with a fix for a third version following closely behind. SharePoint is a crucial element of Microsoft's Office productivity suite, facilitating access to internal files for numerous users within organizations. This development comes on the heels of increased scrutiny on Microsoft’s cybersecurity practices. Last year, CEO Satya Nadella emphasized the importance of cybersecurity after a government report criticized the company for its response to a breach involving Chinese hackers accessing U.S. government officials' email accounts. Furthermore, just last week, Microsoft announced its decision to cease reliance on engineers based in China for supporting the Pentagon’s cloud services, following concerns that this could enable Chinese-sponsored cyber threats against the U.S. military. This is not the first instance of Chinese threat actors targeting Microsoft’s software. In 2021, a group associated with the Chinese state known as Hafnium successfully attacked Microsoft’s Exchange Server, which manages email and calendar functions. As cyber threats continue to evolve, the importance of robust cybersecurity measures remains paramount.