Microsoft Identifies China-Based Hackers Behind SharePoint Attacks

A recent series of attacks that exploit a vulnerability in Microsoft’s SharePoint server platform has been linked to Chinese government-affiliated hacking groups, according to a new Microsoft security blog post. The attacks have affected at least 54 organizations worldwide, including a private university, a federal government health organization, and a private energy operator in California.

Microsoft has identified two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting vulnerabilities in internet-facing SharePoint servers. Another China-based threat actor, Storm-2603, is also believed to be involved.

The attacks utilize a zero-day exploit, allowing hackers to access sensitive data, harvest passwords, and move across connected services. Microsoft released a patch update for affected SharePoint 2016 servers on Tuesday morning, which has since been applied to all impacted versions of the platform.

Eye Security has reported that several IP addresses associated with the attacks are located within China. The vulnerability was recently disclosed by researchers at Eye Security and allows hackers to exploit certain on-premises versions of SharePoint.

Source: https://www.theverge.com/news/711522/microsoft-sharepoint-exploit-china-based-hackers