Microsoft knew of SharePoint security flaw but failed to effectively patch it, timeline shows
A Microsoft spokesperson confirmed on Tuesday that its initial solution did not work. The spokesperson added that Microsoft had released further patches that fixed the issue. It remains unclear who is behind the ongoing operation, which targeted around 100 organisations over the weekend and is expected to escalate as other hackers join the fray. Microsoft said in a blog post that two allegedly Chinese hacking groups, dubbed "Linen Typhoon" and "Violet Typhoon," were exploiting the vulnerabilities, along with another China-based hacking group.
Microsoft and Alphabet's Google have said that China-linked hackers were likely behind the first wave of hacks. Chinese government-linked operatives are regularly implicated in cyberattacks, but Beijing routinely denies carrying out hacking operations. In an emailed statement, the Chinese embassy in Washington said China opposes all forms of cyberattacks, and "smearing others without solid evidence." The vulnerability that facilitated the attack was first identified in May at a hacking competition in Berlin organised by cybersecurity firm Trend Micro, which offered cash bounties for the discovery of computer bugs in popular software.
It offered a $100,000 prize for "zero-day" exploits, which are called that because they leverage previously undisclosed digital weaknesses that could be used against SharePoint, Microsoft's flagship document management and collaboration platform.
A researcher working for the cybersecurity arm of Viettel, a telecommunications firm operated by Vietnam's military, identified a SharePoint bug at the event, dubbed it "ToolShell" and demonstrated a method of exploiting it. The researcher was awarded $100,000 for the discovery, according to a post on X by Trend Micro's "Zero Day Initiative."
In a statement, Trend Micro said it was the responsibility of vendors participating in its competition to patch and disclose security flaws in "an effective and timely manner."
"Patches will occasionally fail. This has happened with SharePoint in the past," the statement said. Microsoft said in a July 8 security update that it had identified the bug, listed it as a critical vulnerability, and released patches to fix it.
About 10 days later, however, cybersecurity firms started to notice an influx of malicious online activity targeting the same software the bug sought to exploit: SharePoint servers. "Threat actors subsequently developed exploits that appear to bypass these patches," British cybersecurity firm Sophos said in a blog post on Monday.
The pool of potential ToolShell targets remains vast.
According to data from Shodan, a search engine that helps identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers.
Those servers include major industrial firms, banks, auditors, healthcare companies, and several U.S. state-level and international government entities.
The Shadowserver Foundation, which scans the internet for potential digital vulnerabilities, put the number at a little more than 9,000, while cautioning that the figure was a minimum. It said most of those affected were in the United States and Germany, and the victims included government organisations. Germany's federal office for information security, BSI, said on Tuesday it had found SharePoint servers within government networks that were vulnerable to the ToolShell attack but none had been compromised.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Mint
11 minutes ago
- Mint
Trump's tariffs on India: Experts unveil this strategy for Indian stock market investors
Trump's tariffs on India: U.S. President Donald Trump, on Wednesday, an additional 25 per cent tariff on Indian imports as a punitive measure in response to New Delhi's ongoing purchases of Russian crude oil. With this move, the total U.S. tariff on Indian exports now stands at 50 per cent — 20 percentage points higher than the tariff on Chinese goods — posing a serious blow to India's export competitiveness. The revised tariff regime, revealed late Wednesday, is set to take effect after a 21-day grace period beginning August 27, 2025. Although this period offers a brief opportunity for diplomatic negotiations, both nations currently face limited avenues for resolution. Indian benchmark indices, Sensex and Nifty50, opened lower for the third consecutive session on Thursday, as investor sentiment was hit by the United States' decision to impose an additional 25% tariff on exports, sparking fears of economic repercussions and escalating global trade tensions. By 9:21 am, the BSE Sensex had dropped 266 points, or 0.33%, to 80,359, while the Nifty50 was trading 71 points lower, or 0.3%, at 24,502. " This punitive step threatens to derail the Indo-US strategic and economic relationship, which has evolved steadily since 1998. The implications of these levies extend beyond trade and into critical areas such as technology partnerships, H-1B visa access for Indian tech talent, cross-border capital flows, and the future of US firms' offshore manufacturing in India. The Indian government has strongly denounced the new measures as "unfair, unjustified, and unilateral", and is expected to explore both diplomatic and trade avenues to defend national interests. However, the near-term sentiment in financial markets is likely to remain cautious, as investors brace for potential retaliatory moves and await clarity from upcoming negotiations," said Sugandha Sachdeva- Founder-SS WealthStreet. According to Sachdeva, Nifty is hovering near a key support zone at 24,450, and a breach below this level could trigger a swift decline toward 24,180 in the short term. Key resistance in the near-term rests at the 24,750 and 24,950 levels. " Broader market sentiment may remain under pressure amid geopolitical uncertainty, with volatility expected to intensify, particularly in sectors sensitive to global trade flows, energy imports, and foreign capital exposure. Until there is visible progress on the diplomatic front or signs of a softened stance from the US administration, risk sentiment is expected to stay fragile, and a defensive approach may prevail among market participants. Eyes would also be on the Q1 earnings from several key companies which shall also influence the direction of the market," she said. Santosh Meena, Head of Research at Swastika Investmart, said that India remains a domestic consumption-driven economy, with limited direct exposure to the U.S., except in key sectors like IT, pharmaceuticals, and electronics, which are exempt from the current tariff announcement. However, sectors such as textiles, gems & jewellery, and leather may face sentimental pressure in the near term. Long-Term Investors: Stay the course. This development is a part of ongoing global trade tensions and shouldn't distract from India's long-term growth potential. Near-term volatility is an opportunity—not a threat—for long-term investors. Short-Term Traders: Exercise caution. The short-term outlook remains uncertain due to a combination of muted Q1 earnings, stretched valuations, and global trade tensions. Market texture appears weak in the near term, so a defensive and selective approach is advisable. However, any significant correction should be seen as a buying opportunity, as earnings momentum is expected to improve from the next quarter onward. Disclaimer: This story is for educational purposes only. The views and recommendations above are those of individual analysts or broking companies, not Mint. We advise investors to check with certified experts before making any investment decisions.
Economic Times
11 minutes ago
- Economic Times
Vietnam trade beats estimates as buyers race Trump tariffs
Synopsis Vietnam's exports surged by 16% in July, exceeding expectations, as companies rushed shipments to the US ahead of impending tariffs. While exports to the US rose significantly, imports from China also increased. The tariffs pose a threat to Vietnam's economic growth, prompting trade negotiators to seek alternative markets and boost domestic consumption. iStock The Southeast Asian nation, an export powerhouse that sells everything from coffee and clothing to engine parts, has been shipping more goods this year to buyers aiming to avoid US President Donald Trump's tariffs. Vietnam's exports jumped more than expected in July, with buyers racing to avoid a 20% tariff on the country's exports to the US set to take effect on Aug. rose 16% in July from a year earlier to $42.3 billion, the statistics office said in a statement, beating expectations of 14% growth. Imports rose 17.8% in the period to $40 billion, more than the 15.2% forecast. The trade surplus was $2.27 billion, versus $2.83 billion released in Southeast Asian nation, an export powerhouse that sells everything from coffee and clothing to engine parts, has been shipping more goods this year to buyers aiming to avoid US President Donald Trump's tariffs. The country was initially threatened with a 46% import levy, though that has been lowered to 20%, just one percentage point more than for neighbors Indonesia, Malaysia, the Philippines and Thailand. 'Vietnam posted impressive export figures in July, mostly because companies were rushing to ship goods to the US ahead of the Trump tariffs,' said Tran Tuan Minh, chief executive officer of TVI, a Hanoi-based equity research and investment firm. 'We expect exports to slow significantly later this year, mainly due to the 20% tariffs and especially the 40% rate on transshipments, which still remains quite unclear at this point.' The government said in a statement Wednesday that trade negotiators are working to 'actively continue' talks with Washington. It also reiterated plans to diversify its markets, aiming for trade agreements with the Middle East and India, while increasing domestic consumption of Vietnamese goods. Exports to the US rose 26% in July from a year earlier to $14.2 billion, according to separate customs data released Wednesday. Imports from China increased 30.5% to about $16.7 billion in exports to the US account for roughly a fifth of Vietnam's gross domestic product, and the tariffs pose a threat to factories which have boomed as companies have diversified their supply chains from China. The data was generally positive, with consumer prices rising 3.19% on year, slower than the 3.40% economist estimate and the 3.57% pace of June. Industrial production rose 8.5% on year, and 0.5% compared with June. Commodity exports also gained, with coffee exports rising to 103,000 tons, a 34.6% rise on a year economy has been powering along in 2025, with gross domestic product rising 7.96% in the April-June period from a year earlier, according to data released last month. The government is aiming for 8% growth in 2025, though it's unclear whether the new US tariffs will derail that push.
Economic Times
11 minutes ago
- Economic Times
India is the 'Maharaja of Tariffs', says Trump aide amid escalating US-India trade tensions
Synopsis The US has increased tariffs on Indian goods, citing unfair trade practices. Peter Navarro called India the 'maharaja of tariffs'. He linked India's purchase of Russian oil to the Ukraine war funding. India has strongly protested the US tariff move. India stated that its energy imports are driven by national interest. TIL Creatives AI generated image. White House Trade Adviser Peter Navarro has criticised India's trade practices, calling the country the 'maharaja of tariffs' while defending the US administration's decision to impose steep import duties on Indian has responded strongly to the US tariff move, calling the measures 'unfair, unjustified and unreasonable.' Prime Minister Narendra Modi, too, on Thursday said that India will not compromise on interests of its dairy and farm sector. The additional 25% import duty announced by the US, effective August 27, takes the total tariff on Indian goods entering American markets to 50%. 'You start with the fact that India is the maharaja of tariffs. It's the highest tariffs in the world, charging on American products, and it's got high non-tariff barriers, so we can't get our products in. So we send a lot of dollars overseas to India to buy their products in an unfair trade environment,' Navarro said. Also Read: PM Modi says ready to pay 'heavy price' for farmers' welfare as US trade war continues He linked these trade imbalances to geopolitical concerns, stating that the money spent on Indian imports is used by New Delhi to purchase Russian oil, which in turn funds Moscow's war in Ukraine. 'India then uses American dollars to buy Russian oil. Russia then uses those American dollars that come from India to finance its armaments to kill Ukrainians. And then American taxpayers are then called upon to pay for the weapons that have to defend Ukraine against Russian armaments paid for by American dollars that came from India,' Navarro further emphasised that the rationale for these tariffs differs from the US policy toward China, where similar duties are in place. 'Let's talk first about the India tariffs, which went up to 50 per cent today. It's important to understand that the rationale for the Indian tariffs are very different from the reciprocal tariffs. This was a pure national security issue associated with India's abject refusal to stop buying Russian oil,' he said. Also Read: Reciprocal tariffs begin at midnight, billions of dollars will flow into USA: Trump Navarro noted that while the US already imposes tariffs exceeding 50% on Chinese goods, it is careful not to harm its own economic interests in the process. 'As the boss says, let's see what happens. Keep in mind that we have over 50 per cent tariffs on China already. We have over 50 per cent tariffs on China, so we don't want to get to a point where we actually hurt ourselves. And I think I've given a really good answer to that,' he added. He also said President Donald Trump views economic decisions as integral to national security. 'That's got to stop. That math doesn't work. The president understands the connection between economic security and national security. So that was the bottom line there.'
