Chinese state hackers targeting Microsoft customers
Microsoft said it has observed three threat groups – dubbed Linen Typhoon, Violet Typhoon, and Storm-2603 – targeting internet-facing SharePoint servers using two newly disclosed vulnerabilities that allow attackers to bypass authentication and execute remote code.
SharePoint Server is Microsoft's collaboration and document management platform designed for businesses and organizations.
Many large organisations use SharePoint as their primary platform for internal collaboration and for storing documents, and is appreciated for working well with other Microsoft products like Office, Teams, and Outlook.
The attacks, which Microsoft said began as early as July 7, affect only on-premises SharePoint installations and do not impact the cloud-based SharePoint Online service, the company said in a security bulletin.
Microsoft warned that it "assesses with high confidence" that the threat actors will continue their assault against vulnerable systems where companies haven't taken the necessary precautions.
The vulnerabilities allow attackers to spoof authentication credentials and execute malicious code remotely on vulnerable servers.
Microsoft has released comprehensive security updates to address the malware and urged customers to apply the patches immediately.
In their successful attacks, the Chinese hackers deployed malicious code that provides backdoor access to compromised systems. The attackers used these tools to steal machine encryption keys and maintain access to targeted networks.
Linen Typhoon, active since 2012, primarily focuses on intellectual property theft from government, defence, and human rights organisations.
Violet Typhoon, operating since 2015, conducts espionage against former government officials, NGOs, think tanks, and media organizations across the United States, Europe, and East Asia.
Storm-2603, which Microsoft assesses with "medium confidence" to be China-based, has previously deployed ransomware but its current objectives remain unclear.
Research from cybersecurity company Check Point said the campaign began on July 7 against a major Western government and that the attacks intensified dramatically around July 18.
Since then, researchers have confirmed dozens of compromise attempts primarily targeting organisations in North America and Western Europe, Check Point said in a blog post.--AFP
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Daily Express
an hour ago
- Daily Express
Over 5,500 set to join Malaysia-China Friendship Run in KK
Published on: Friday, July 25, 2025 Published on: Fri, Jul 25, 2025 Text Size: KOTA KINABALU: Over 5,500 participants are set to take part in the 'Jom! Malaysia-China Friendship Run 2025' at Padang Merdeka here on Sunday (July 27), with the event scheduled to begin at 6am. Malaysia-China Friendship Association Sabah President Oh Ei Sun said the warm-up will begin shortly after guests arrive, followed by a 6.30am flag-off and a lucky draw session upon completion of the run at 8.30am. Participants will cover a 7-kilometre route along Likas Bay, turning back at the Bay 21 roundabout before finishing back at Padang Merdeka, with Chief Minister Datuk Seri Hajiji Noor officiating. Among the notable guests expected are Federal Youth and Sports Minister Hannah Yeoh, Federal Deputy Plantation and Commodities Minister Datuk Chan Foong Hin, Tourism, Culture and Environment Minister Datuk Seri Christina Liew, Industrial Development and Entrepreneurship Minister Datuk Phoong Jin Zhe, Chinese Consul General Zhu Xinglong, Assistant Finance Minister Datuk Tan Lee Fatt, and Deputy Speaker Datuk Richard Yong. Oh extended his gratitude to the State Government, federal ministries, supporting agencies and over 30 sponsors, including platinum sponsor Skechers, for their strong backing. Skechers has also announced the addition of 500 mystery gift boxes worth RM100–RM200 each, raising its total contribution to over RM300,000, including prizes and participant kits. The 350 lucky draw prizes include a year's supply of shoes worth RM5,508 and RM54,500 in cash prizes, with the first 500 finishers eligible to win a bonus mystery box. * Follow us on our official WhatsApp channel and Telegram for breaking news alerts and key updates! * Do you have access to the Daily Express e-paper and online exclusive news? Check out subscription plans available. Stay up-to-date by following Daily Express's Telegram channel. Daily Express Malaysia
The Star
an hour ago
- The Star
Indonesia-US trade deal possible threat to data sovereignty
JAKARTA: A trade agreement between Indonesia and the United States set to include provisions on personal data transfers has raised alarms about the potential undermining of Indonesia's data sovereignty. According to a joint statement on the framework for the prospective settlement published on the White House website on Tuesday (July 22), Jakarta agreed to provide certainty regarding personal data transfers from Indonesia to the US and eliminate tariffs on intangible products by recognising the US as having 'adequate' data protection. Communication and Digital Minister Meutya Hafid wrote in a statement on Thursday that the negotiation was still ongoing, as previously conveyed by President Prabowo Subianto. She added that the agreement could serve as a legal basis for protecting the personal data of Indonesian citizens when using digital services provided by US-based companies, such as search engines, social media cloud services and e-commerce. 'The government will ensure that data transfer to the US will not be carried out carelessly. On the contrary, the whole process will be conducted within a secure and reliable data governance framework,' Meutya noted, adding that the transfer would be carried out under 'tight supervision of the Indonesian authorities, with high caution, based on the national law.' On the same day, Coordinating Economy Minister Airlangga Hartarto said at a press conference that Jakarta had agreed to establish a secure protocol for managing cross-border data flows with the US, without elaborating. 'Cross-border [services] are not limited to the US and include other countries,' he noted, adding that Indonesia had prepared a range of such protocols, including one implemented in the Nongsa Digital Park special economic zone in Batam, Riau Islands. Airlangga added that 12 US tech companies, including Amazon Web Services, Microsoft and Google Cloud, have complied with national regulations by building data centres in Indonesia. Digital advocacy groups, however, have raised concerns over the agreement's potential threat to domestic data rights and privacy, as well as compromised control over the country's digital infrastructure. Hendra Suryakusuma, chairman of the Indonesian Data Centre Providers Organisation, warned that allowing personal data generated in Indonesia to be transferred and analysed in the US could undermine Indonesia's digital sovereignty. 'We are at risk of losing our data control, whether it's strategic, personal or open data. This may also lead to the potential of increased digital dependency,' Hendra told The Jakarta Post on Thursday. He added that the local data centres could end up functioning only as 'edge computing' or 'hybrid cloud generators', roles in which they would no longer serve as the main site for data processing. This might cause prospective industry players to rethink their entry into Indonesia's market, hindering investment, he said, noting that global tech firms that had planned to invest billions of dollars in data centres in the country might divert their investment to the US. Domestic data centre operators, internet service providers and state-owned power monopolist Perusahaan Listrik Negara could also miss out on significant revenue potential driven by demand for data storage and processing, which consumes large amounts of electricity. Hendra also pointed out that the agreement could obscure legal boundaries outlined in the Personal Data Protection (PDP) Law, which requires electronic system operators, particularly those in critical sectors like education, banking and health care, to implement strong, onshore data protection measures. 'The personal data of Indonesian citizens is a strategic [resource]. If we say that data is the new oil, then it must be generated and processed domestically to become our asset,' he said. Hendra urged the government to conduct a comprehensive assessment, preventing the cross-border data agreement from resulting in overdependence and diminished control, worsening already weak data security in the country, marked by breaches reported in the past few years. The Institute for Policy Research and Advocacy for Society (Elsam) has also voiced concern over potential drawbacks of the deal and serious threats to Indonesia's digital ecosystem. In a press release published on Wednesday, Elsam described the digital trade deal as 'unfair', arguing that the agreement favored interests of US-based data storage companies over the protection of personal data. It also highlighted the potential threat of mass surveillance of Indonesian citizens by US authorities, as well as risks from cross-border data flows, given that the Indonesian government has yet to establish a personal data protection body to oversee such practices. 'The absence of this institution, alongside fragmented cross-sectoral regulations, has led to weak oversight of the protection of personal data transferred overseas. This includes an increased risk of data leaks, misuse and violations of privacy rights,' reads the press release. Pratama Persadha, who chairs the cybersecurity watchdog Communication and Information System Security Research Centre, said the agreement could help accelerate the establishment of an independent institution overseeing data protection. However, he added that Indonesia should not overlook the looming risks from the free flow of personal data. Controlled data management is directly linked to the added value of the digital economy, he explained, describing personal data and digital behavior as 'essential raw materials' for the development of artificial intelligence, algorithm-based services and technological innovation. 'If not managed property, our data will only serve as a commodity exploited by foreign entities to build products and services that are then sold back to the Indonesian market,' he wrote in a statement on Thursday. Indonesia should pursue a bilateral agreement to protect its digital rights, he suggested, adding that the country should also strengthen its digital infrastructure, research and the development of local digital talent to maintain technological independence. - The Jakarta Post/ANN
The Sun
3 hours ago
- The Sun
Amazon closes Shanghai AI lab amid US-China tech tensions
SHANGHAI: US tech giant Amazon has closed its artificial intelligence research lab in Shanghai, according to a source familiar with the matter. The lab, part of Amazon Web Services (AWS), was disbanded as AI becomes a key battleground in US-China tech competition. A WeChat post by Wang Minjie, a scientist at the lab, stated the closure was due to 'strategic adjustment between China and the United States.' The post circulated widely on Chinese social media this week. AWS recently announced job cuts, with reports suggesting hundreds of positions were affected. Amazon did not directly confirm the Shanghai lab's shutdown when contacted but acknowledged broader restructuring. 'We've made the difficult business decision to eliminate some roles across particular teams in AWS,' said spokesman Brad Glasser. 'These decisions are necessary as we continue to invest, hire, and optimize resources.' The AWS China webpage for the lab, previously accessible, was taken down this week. Archived records show the lab was launched in 2018 to foster research collaboration. Other US tech firms, including Microsoft and IBM, have also reduced research operations in China as geopolitical tensions persist. - AFP
