Microsoft says Chinese state-backed hackers exploiting flaws in attacks
BEIJING – Microsoft said that Chinese state-sponsored actors were exploiting vulnerabilities in one of its popular collaboration software products, SharePoint, which is used by US government agencies and many companies worldwide.
Microsoft said in a notice on its security blog on July 22 that it had identified at least two China-based groups linked to the Chinese government that it said had been taking advantage of security flaws in its SharePoint software. Such attacks aim to sneak into the computer systems of users.
Those groups, called Linen Typhoon and Violet Typhoon, were ones that Microsoft said it had been tracking for years, and which it said had been targeting organisations and personnel related to government, defence, human rights, higher education, media, and financial and health services in the United States, Europe and East Asia.
Microsoft said another actor, which it called Storm-2603, was also involved in the hacking campaign. It said it had 'medium confidence' that Storm-2603 was a 'China-based threat actor'.
The US government's Cybersecurity and Infrastructure Security Agency issued a notice that said it was aware of the hacking attack on SharePoint. It added that it had notified 'critical infrastructure organisations' that were affected.
'While the scope and impact continue to be assessed,' the agency said, the vulnerabilities would enable 'malicious actors to fully access SharePoint content, including file systems and internal configurations and execute code over the network.'
A Microsoft spokesperson wrote in an emailed response that the company had been 'coordinating closely' with the Cybersecurity and Infrastructure Security Agency, the Department of Defense's Cyber Defense Command and 'key cybersecurity partners globally throughout our response'.
The Chinese Embassy in Washington did not immediately respond to a request for comment. China has routinely denied being behind cyberattacks and asserts that it is a victim of them.
Microsoft said in its blog post that investigations into other actors also using these exploits were still ongoing.
Eye Security, a cybersecurity firm, said that it had scanned more than 23,000 SharePoint servers worldwide, and discovered more than 400 systems had been actively compromised.
The cybersecurity firm also noted that the breaches could allow hackers to steal cryptographic keys that would allow them to impersonate users or services even after the server was patched. It said users would need to take further steps to protect their information.
Chinese hackers have shown growing sophistication in their ability to penetrate US government systems, leaving American officials increasingly alarmed. During a breach of the US telecommunications system last year, Chinese hackers were able to listen in on telephone conversations and read text messages, members of Congress said.
The hack was considered so severe that former President Joe Biden took it up directly with President Xi Jinping of China when they met in Peru in November.
In this latest breach, Microsoft said hackers had been using the software weaknesses to attempt, and gain, access to 'target organisations' since as early as July 7. It issued security updates and urged users to install them immediately.
Microsoft revealed the vulnerabilities in SharePoint this month, but at first patched them only partially. It said on July 19 that it was aware of active attacks trying to exploit those vulnerabilities.
Cybersecurity firms had said that they believed Chinese actors were among those attackers, even before Microsoft said so on July 22.
SharePoint helps organisations create websites and manage documents. It integrates with other Microsoft services such as Office, Teams and Outlook.
Microsoft said the vulnerabilities affected only on-premises SharePoint servers, meaning those managed by organisations on their own computer networks, and not those operated on Microsoft's cloud.
Palo Alto Networks, a cybersecurity company, said in a post about the breach that on-premises servers 'particularly within government, schools, health care (including hospitals) and large enterprise companies' were 'at immediate risk.'
'A compromise in this situation doesn't stay contained, it opens the door to the entire network,' the cybersecurity company said. NYTIMES