Microsoft Exposes Chinese Hackers Exploiting SharePoint Vulnerabilities

In a startling revelation, Microsoft Corporation disclosed on Tuesday that it has identified several Chinese cyber actors exploiting vulnerabilities within its widely used file-sharing web application, SharePoint. This development underscores the escalating threats in the cyber domain, particularly from nation-state actors.

Immediate Actions Taken by Microsoft

The tech behemoth had earlier flagged active attacks targeting its on-premises SharePoint servers, leveraging the application's spoofing and remote code vulnerabilities. In response, Microsoft swiftly rolled out critical security updates aimed at shielding its customers from these newfound threats. It's crucial to note that these vulnerabilities exclusively impact on-premises SharePoint servers, leaving SharePoint Online in Microsoft 365 unscathed.

The Culprits Behind the Attacks

"At the time of reporting, Microsoft has pinpointed two Chinese nation-state actors, dubbed Linen Typhoon and Violet Typhoon, as the perpetrators exploiting these vulnerabilities, with a focus on internet-facing SharePoint servers. Additionally, another China-based threat actor, known as Storm-2603, has been observed leveraging these vulnerabilities. Investigations are ongoing to uncover other potential actors involved in these exploits," Microsoft elaborated in a detailed blog post.