Risk highlighted as Chinese hackers hit Microsoft
While such cyberattacks are not new, the scale of the onslaught and the speed with which the hackers took advantage of freshly discovered vulnerabilities is fuelling concern.
Dutch startup Eye Security warned Saturday of online attacks targeting SharePoint file-sharing servers, with Microsoft quick to confirm the report and release patches to protect systems.
The vulnerability allowed hackers to retrieve credentials and then access SharePoint servers kept at users' facilities, according to Microsoft.
Cloud-based SharePoint software was safe from the problem, the company said.
Eye Security determined that more than 400 computer systems were compromised by hackers during waves of attacks.
Targets included government organisations in Europe, the Middle East and the United States, among them the U.S. nuclear weapons agency, media reports indicated.
"On-premises SharePoint deployments - particularly within government, schools, healthcare and large enterprise companies - are at immediate risk," cybersecurity firm Palo Alto Networks warned in a note.
Microsoft has not disclosed the number of victims in the attacks.
SharePoint had more than 200 million active users as of 2020, according to the most recent figures available from Microsoft.
Microsoft has attributed the cyberattacks to groups backed by China.
The culprits are believed to include Chinese state actors known as Linen Typhoon and Violet Typhoon along with a group called Storm-2603 which "is considered with moderate confidence to be a threat actor based in China."
The Typhoon groups have been active for a decade or more, and are known for intellectual property theft as well as espionage, according to Microsoft.
Less was known about Storm-2603 and its motives.
"Investigations into other actors also using these exploits are ongoing," Microsoft said, urging users to patch SharePoint servers to avoid becoming hacking victims.
Cybersecurity specialist Damien Bancal noted in a recent blog post that he found "ready-to-use exploit code" for the vulnerability at a popular website.
The assault on SharePoint servers is the latest in a series of sophisticated attacks carried out by state-sponsored groups against "the Microsoft ecosystem," according to Bancal.
In 2021, attacks by a Chinese hacker group known as Silk Typhoon compromised tens of thousands of email servers using Microsft Exchange software.
Microsoft's success at making its software commonplace in offices and homes also makes it a prime target for hackers out to steal money or information.
Microsoft software can hold sensitive and valuable information.
"It's not Microsoft that is being targeted, it's its customers," said Shane Barney, head of information security at US-based Keeper.
Targeting Microsoft programmes is a means to an end, and tomorrow it could be software from another company, said Rodrigue Le Bayon, head of Orange Cyberdefense computer emergency response team.
China is not the only nation backing hacker operations as countries around the world hone cyber capabilities, according to Le Bayon.
Nevertheless, China is repeatedly singled out by companies and governments hit by hacks.
Western countries have accused hacker groups allegedly supported by China of conducting a global cyber espionage campaign against figures critical of Beijing, democratic institutions, and companies in various sensitive sectors.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Time of India
7 minutes ago
- Time of India
Microsoft probing if Chinese hackers learned SharePoint flaws through alert: Report
Synopsis A security patch Microsoft released this month failed to fully fix a critical flaw in the U.S. tech giant's SharePoint server software, opening the door to a sweeping global cyber espionage effort. In a blog post on Tuesday, Microsoft said two allegedly Chinese hacking groups, dubbed "Linen Typhoon" and "Violet Typhoon," were exploiting the weaknesses, along with a third, also based in China.
Time of India
7 minutes ago
- Time of India
Tesla beats Chinese rivals in some driving assisted tests, say China state media, Bytedance
Billionaire Elon Musk 's Tesla outperformed Chinese rivals including BYD , Xiaomi and Huawei in a test of assisted driving technologies on China's highways, according to results published by TikTok owner Bytedance's auto unit Dcar. State television CCTV and Dcar jointly tested the level 2 advanced driving assistance systems ( ADAS ) from more than 20 electric vehicle brands in China and rated their performance in a series of scenarios with higher risks of accidents on highways and urban traffics. The test videos posted by Dcar went viral on Chinese social media. Tesla scored the best in the highway test among 36 models, with its Model 3 and Model X passing five out of six scenarios, while BYD's Denza Z9GT and Huawei-backed Aito M9 failed in three scenarios. Xiaomi's SU7 passed in one of six. In a Weibo post on Friday, HIMA, the Huawei-led auto alliance, said it declined to comment on the "so-called test." BYD and Xiaomi didn't immediately respond to requests for comment. "Due to laws against data export, Tesla achieved the top results in China despite having no local training data," Tesla CEO Elon Musk said on his X account on Friday. Tesla has been caught in what Musk described as a "quandary", as the U.S. doesn't allow its AI software to be trained in China, while the automaker has been seeking approval from Chinese regulators to transfer data saved locally in Shanghai back to the United States for algorithm training. Domestic brands should face up to the gap with Tesla in autonomous driving , Wang Yao, deputy chief engineer of the China Association of Automobile Manufacturers, told an auto forum in Shanghai earlier this month. Xiaomi CEO Lei Jun, in remarks after a Tesla Model Y delivered itself from an Austin, Texas factory to its owner in the area roughly 30 minutes away, said "we will continue to learn" from Tesla which has led industry trends. The test came amid growing safety concerns in China about the ADAS after a highway accident involving a Xiaomi SU7 killed three people in March. State media have blamed misleading promotions for resulting drivers' improper uses of the technologies and the authorities have banned the uses of terms such as "smart driving" and "autonomous driving" for marketing driving assistance features. The public security ministry said this week that the country will set out legal responsibilities related to the technology that has yet achieved true autonomous driving. Drivers face safety and legal risks if they are distracted in accidents when assisted driving is turned on, the ministry warned. Xiaomi had seen a slump in new EV orders as a consumer backlash began in April following the fatal trash, but the impact seems short-lived, with its new electric SUV receiving exceptionally strong initially orders after it went on sale last month. Tesla's sales of its China-made electric vehicles edged up 0.8 per cent in June from a year earlier, snapping an eight-month losing streak, but they continued to fall on a quarterly basis in the face of lower-cost new models from its Chinese rivals. Tesla's assisted driving suite is available in China for nearly $9,000, while the technology from its local rivals including Xiaomi and BYD is without extra cost, pressuring the U.S. automaker's self-driving future. Tesla's technology approach relies solely on cameras as sensors and artificial intelligence while most Chinese peers including BYD use lidar (light detection and range sensors) additionally to ensure performance.
Time of India
7 minutes ago
- Time of India
Scrapped batteries could power India's lithium boom
Gujarat is set to give the ' Atmanirbhar Bharat ' mission a significant push in lithium - the 'white gold' indispensable for powering gadgets and e-vehicles - while also extracting the metal without polluting the environment. Scientists at the Bhavnagar-based Central Salt and Marine Chemicals Research Institute (CSMCRI) developed a clean, fast, and selective method to extract lithium from disposed batteries. This discovery could significantly reduce India's import bills as the country imports 100% of its lithium requirement. This study was recently published in Angewandte Chemie International Edition, a leading peer reviewed chemistry journal by the German Chemical Society. Scientists say the technology will give momentum to India's shift to green energy. On average, one ton of lithium requires processing about 28 tons of battery waste. The metal is recovered only after several stages of processes that are slow, inefficient, and costly, often resulting in metal contamination and loss, and the purity is also not high. This also deters battery producers from extracting lithium from waste. The conventional process, after recovering the black powder, first involves leaching all metals like nickel, cobalt, and manganese in the battery's cathode, resulting in significant loss and contamination. If scaled up after commercial application, businesses handling waste batteries could get a big encouragement and better price. At present, waste battery handling is not a lucrative business due to pollution and the small quantity of lithium obtained. CSMCRI's scientists have turned the problem on its head. Instead of lithium coming out last, their new method pulls lithium out first-with purity. After recovering the black powder from used lithium-ion batteries, anthraquinone salt and hydrogen peroxide are applied to selectively extract lithium. Kannan Srinivasan, director of CSIR-CSMCRI, said, "This method avoids the harsh chemicals and high-energy use of existing processes." Lead researcher and Principal Scientist Alok Ranjan Paital said, "We achieved 97% lithium leaching efficiency in just one hour. Also, compared to 2-3 days required by traditional methods to extract one ton of lithium, this new technique delivers the same results in just 2-3 hours with higher purity."
