Microsoft says Chinese hacking groups are behind SharePoint attacks

Some of the attacks that targeted organizations utilizing an exploit successful Microsoft’s SharePoint server platform implicit the past fewer days person been linked to hacking groups affiliated with the Chinese government, according to a caller Microsoft information blog. 

“As of this writing, Microsoft has observed 2 named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting these vulnerabilities targeting internet-facing SharePoint servers,” Microsoft said connected Tuesday. “In addition, we person observed different China-based menace actor, tracked arsenic Storm-2603, exploiting these vulnerabilities. Investigations into different actors besides utilizing these exploits are inactive ongoing.”

Eye Security told BleepingComputer it’s identified 54 organizations that person been breached, including a backstage assemblage and a backstage vigor relation successful California, and a national authorities wellness organization. The Washington Post reports that anonymous sources moving connected the SharePoint intrusions said they’ve besides identified that immoderate attacks were connected to IP addresses wrong China. 

Microsoft released a spot update for SharePoint 2016 servers connected Tuesday morning, and it has present patched each versions of SharePoint that are impacted by the zero-day exploit. Microsoft’s update says it has assessed “with precocious confidence” that menace actors volition proceed utilizing it to onslaught unpatched server systems present that it’s wide known. The vulnerability, which researchers astatine Eye Security published details astir last week, allows hackers to entree definite on-premises versions of SharePoint to bargain delicate data, harvest passwords, and determination crossed connected services.