logo
Microsoft Says Chinese Hackers Are Exploiting SharePoint Flaws

Microsoft Says Chinese Hackers Are Exploiting SharePoint Flaws

Yahooa day ago
(Bloomberg) -- Microsoft Corp. accused Chinese hackers of exploiting vulnerabilities in its SharePoint software that have led to breaches worldwide in recent days.
Why the Federal Reserve's Building Renovation Costs $2.5 Billion
Salt Lake City Turns Winter Olympic Bid Into Statewide Bond Boom
Milan Corruption Probe Casts Shadow Over Property Boom
How San Jose's Mayor Is Working to Build an AI Capital
Two Chinese nation-state actors have been exploiting these vulnerabilities in SharePoint, Microsoft said in a blog Tuesday. The flaws were discovered in instances of the software installed on customer servers rather than in the cloud, the company said.
For more: Microsoft Rushes to Stop Hackers From Wreaking Global Havoc
Governments, businesses and other organizations across the globe have been breached because of the vulnerabilities, leading to the theft of sensitive information, Bloomberg reported Tuesday. Microsoft has released a patch and recommended that customers take additional security steps.
The two known threat actors identified by Microsoft, Linen Typhoon and Violet Typhoon, have been active since the mid-2010s, the company said. In the past, they have focused on stealing intellectual property and espionage. Microsoft said a third threat actor also appears to be based in China, though the company hasn't assessed its motive.
--With assistance from Jake Bleiberg.
Elon Musk's Empire Is Creaking Under the Strain of Elon Musk
A Rebel Army Is Building a Rare-Earth Empire on China's Border
Thailand's Changing Cannabis Rules Leave Farmers in a Tough Spot
How Starbucks' CEO Plans to Tame the Rush-Hour Free-for-All
What the Tough Job Market for New College Grads Says About the Economy
©2025 Bloomberg L.P.
Orange background

Try Our AI Features

Explore what Daily8 AI can do for you:

Comments

No comments yet...

Related Articles

Chinese hackers breach US nuclear security agency in cyberattack operation, officials say
Chinese hackers breach US nuclear security agency in cyberattack operation, officials say

Fox News

time8 minutes ago

  • Fox News

Chinese hackers breach US nuclear security agency in cyberattack operation, officials say

A sweeping cyberattack breached the U.S. National Nuclear Security Administration (NNSA) through Microsoft's Sharepoint document software, the Energy Department confirmed to Fox News Digital on Wednesday. The agency does not know of any sensitive or classified information that has been stolen at this time. "On Friday, July 18th, the exploitation of a Microsoft SharePoint zero-day vulnerability began affecting the Department of Energy, including the NNSA," a Department of Energy (DoE) told Fox News Digital, referring to the agency responsible for maintaining and designing the nation's nuclear weapons stockpiles. Microsoft warned that Chinese state-sponsored actors were exploiting flaws in the SharePoint software of institutions across the globe. Netherlands-based Eye Security told Reuters the breach has now claimed 400 victims. Linen Typhoon and Violet Typhoon, the two groups backed by the CCP involved in the hack, utilized flaws in the document-sharing software that exist for customers who run it on their own networks rather than through Microsoft's cloud software. But DoE said it largely utilizes the cloud, so only a "very small number of systems were impacted." "All impacted systems are being restored." Another hacking group based in China, Storm-2603, also exploited the vulnerabilities, according to Microsoft. Asked about the hack on Wednesday, Chinese foreign ministry spokesperson Guo Jiakun said he wasn't aware of the specifics, but: "China opposes and fights hacking activities in accordance with the law. At the same time, we oppose smears and attacks against China under the excuse of cybersecurity issues." Charles Carmakal, technology chief of the Google-owned Mandiant cybersecurity consulting group, confirmed Monday in a LinkedIn post that at least one of the organizations involved in the hack was a "China-nexus threat actor." On Sunday, the U.S. Cybersecurity and Infrastructure Security Agency said it was "aware of active exploitation" of the SharePoint vulnerability. Microsoft CEO Satya Nadella vowed last year to make cybersecurity a top priority after a government report criticized the company's handling of a Chinese breach of the emails of U.S. government officials. Just last week, the company vowed to stop using engineers based in China to provide technical support for clients within the Defense Department using the company's cloud services. That came after a ProPublica report revealed the practice and said it could expose the DoD to Chinese hackers.

Big Take: Two Former Trade Advisers on Trump's Tariffs
Big Take: Two Former Trade Advisers on Trump's Tariffs

Bloomberg

time8 minutes ago

  • Bloomberg

Big Take: Two Former Trade Advisers on Trump's Tariffs

Bob Zoellick and Mike Froman spent years crisscrossing the globe as US Trade Representatives for George W. Bush and Barack Obama, respectively. They hammered out deals that accelerated an era of free trade. As President Donald Trump's August 1 tariff deadline approaches and Japan strikes a major deal with his trade team, David Gura brings the two former trade officials together to get their take on the president's efforts to reshape the global economy.

DOWNLOAD THE APP

Get Started Now: Download the App

Ready to dive into a world of global content with local flavor? Download Daily8 app today from your preferred app store and start exploring.
app-storeplay-store