Chinese state hackers targeting Microsoft

AFP | San Francisco

Email : editor@newsofbahrain.com

Chinese state-sponsored hackers are actively exploiting critical security vulnerabilities in users of Microsoft’s popular SharePoint servers to steal sensitive data and deploy malicious code, the US tech giant warned Tuesday.

Microsoft said it has observed three threat groups –- dubbed Linen Typhoon, Violet Typhoon, and Storm-2603 –- targeting internet-facing SharePoint servers using two newly disclosed vulnerabilities that allow attackers to bypass authentication and execute remote code.

SharePoint Server is Microsoft’s collaboration and document management platform designed for businesses and organizations.

Many large organizations use SharePoint as their primary platform for internal collaboration and for storing documents, and is appreciated for working well with other Microsoft products like Office, Teams, and Outlook.

The attacks, which Microsoft said began as early as July 7, affect only on-premises SharePoint installations and do not impact the cloud-based SharePoint Online service, the company said in a security bulletin.

Microsoft warned that it “assesses with high confidence” that the threat actors will continue their assault against vulnerable systems where companies haven’t taken the necessary precautions.

The vulnerabilities allow attackers to spoof authentication credentials and execute malicious code remotely on vulnerable servers.

Microsoft has released comprehensive security updates to address the malware and urged customers to apply the patches immediately.