
Latest news with #Sharepoint

China accuses US of exploiting Microsoft zero-day in cyberattack

Ammon

02-08-2025

  • Politics
  • Ammon

Ammon News - U.S. intelligence agencies launched cyberattacks on two Chinese military enterprises dating back to 2022, in one case exploiting a Microsoft zero-day, China alleged Friday.

The Cyber Security Association of China said that in the first case, U.S. agencies from July of 2022 to July of 2023 'exploited a zero-day vulnerability in Microsoft Exchange Mail to attack and control the mail server of a major Chinese military enterprise for nearly a year,' according to a Google translation of the statement. They then used that access to steal data, the statement continues.

In the second case, the association said the U.S. agencies 'launched a cyberattack against a Chinese military enterprise in the communications and satellite internet sectors' from July to November of last year by exploiting vulnerabilities in electronic file systems, where they also stole information. The statement didn't name either enterprise.

While Chinese allegations of U.S. government hacking have become increasingly common — including a batch of allegations in April and in December of last year — the latest accusation is notable for its assertion that the agencies exploited a zero-day, or previously unknown and unpatched vulnerability, at U.S.-headquartered Microsoft. Last week, Microsoft accused Chinese government-linked hackers of exploiting zero-days in its Sharepoint product in its own most recent finger-pointing at Beijing.

The Office of the Director of National Intelligence did not immediately respond to a request for comment Friday. Asked on Fox News in June about Chinese hacking and theft of U.S. intellectual property, President Donald Trump answered bluntly. 'You don't think we do that to them? We do. We do a lot of things,' Trump said. 'That's the way the world works. It's a nasty world.'

China has also alleged cyberattacks from other governments, particularly from Taiwan, even as it has focused much of its attention on the United States. It tallied 600 foreign government-level attacks in 2024 alone. 'Hacker groups, particularly those affiliated with US intelligence agencies, leverage established cyberattack teams, extensive supporting engineering systems, a standardized attack equipment arsenal, and robust vulnerability analysis and discovery capabilities to conduct attacks and infiltration against [China's] critical information infrastructure, important information systems, and key personnel, posing a serious threat to national cybersecurity,' the Friday statement reads.

CyberScoop

Microsoft warns of ransomware surge in SharePoint server attacks linked to Chinese hackers

Time of India

24-07-2025

  • Time of India

Microsoft has issued a warning to organisations that are using on-premises SharePoint servers. The tech giant has confirmed that hackers are exploiting vulnerabilities in its on-premises SharePoint servers to deploy ransomware. The Microsoft Threat Intelligence team has identified a specific actor, designated Storm-2603, as being responsible for these new ransomware campaigns. Earlier, the exploitation of SharePoint vulnerabilities led to data exfiltration, but the latest observations suggest financially motivated attacks leveraging the Warlock ransomware. Hackers are using the Warlock ransomware to paralyze networks and demand cryptocurrency payments.

How the attack works

In an updated blog post Microsoft explains that the attack starts with the exploitation of an internet-facing on-premises SharePoint server. This initial breach grants Storm-2603 access to the environment, often facilitated by a payload named Once the hacker gains access they then move ahead and deploy ransomware. Microsoft has confirmed that SharePoint Online is not affected, but on-premises versions—including SharePoint 2016, 2019, and Subscription Edition—remain vulnerable if not patched.

Three Chinese state-sponsored groups behind global attack

Microsoft identified three China-linked groups—Linen Typhoon, Violet Typhoon, and Storm-2603—as exploiting critical vulnerabilities in SharePoint servers that rendered customers running the software on their own networks vulnerable to attack. The breaches affected organizations across multiple sectors, including government agencies, energy companies, consulting firms, and universities spanning from the US to Europe and the Middle East. No sensitive or classified information was reportedly compromised in the National Nuclear Security Administration breach, according to sources familiar with the matter. The semiautonomous Energy Department arm responsible for producing and dismantling nuclear weapons was targeted alongside other federal agencies including the US Education Department.

What organisations should do

Microsoft has also shared some guidelines for users to protect their on-premises SharePoint Server environment. The company has asked users to:

  • Enable Antimalware Scan Interface (AMSI) integration and deploy Defender AV on all SharePoint servers
  • If AMSI cannot be enabled, Microsoft recommends disconnecting servers from the internet
  • Use Defender for Endpoint to detect post-exploit activity and monitor for suspicious file creation like

The Wiretap: Chinese Hackers Exploit Microsoft Sharepoint 0-Day, Google Warns

Forbes

22-07-2025

  • Forbes

The Wiretap is your weekly digest of cybersecurity, internet privacy and surveillance news. To get it in your inbox, subscribe here.

In what's one of the more significant series of cyberattacks in 2025, hackers are targeting a severe weakness in Microsoft's Sharepoint software, which is used by its customers to build and manage shared files. Among the attackers, according to Google security researchers, is a Chinese-affiliated group.

Late last week, Microsoft said it was aware of attacks targeting its SharePoint customers who use the system on their own servers. Google said hackers were using the Sharepoint vulnerability to install malware on those servers, which enables them to steal data, including cryptographic keys protecting sensitive information. Though Microsoft has said a fix is available for all affected customers, it's likely many have yet to fully patch their systems.

'It's critical to understand that multiple actors are now actively exploiting this vulnerability,' said Charles Carmakal, CTO of Mandiant Consulting at Google Cloud. 'We fully anticipate that this trend will continue, as various other threat actors, driven by diverse motivations, will leverage this exploit as well.'

Carmakal didn't offer many details on which Chinese hackers were targeting the Sharepoint flaws. But according to the Washington Post, the system is commonly used by American federal and state agencies, making fixes that much more urgent.

Got a tip on surveillance or cybercrime? Get me on Signal at +1 929-512-7964.

THE BIG STORY: Microsoft Used Chinese Engineers For Department of Defense Computers

ProPublica has reported on a previously-unknown Microsoft program employing China-based coders to maintain Defense Department systems. The Chinese workers were monitored by low-paid, U.S.-based 'digital escorts,' few of whom had the technical expertise to ensure the system's integrity, the news site reported. There are fears the program may have exposed intelligence to China. Microsoft has since shut the program down.

Stories You Have To Read Today

Google has filed a lawsuit (PDF) claiming 25 unidentified individuals are running the BadBox botnet, which has compromised as many as 10 million internet-connected TVs that use open source Android software. The tech giant has been given permission to stop the accused from operating certain domains they used to run the botnet.

Notting Hill Carnival is going to be using live facial recognition this August in an attempt to identify criminals attending the world-famous event. Privacy activists heavily criticized the move. 'Plans to use this dangerous and discriminatory technology should be immediately scrapped,' said Big Brother Watch interim director Rebecca Vincent.

The U.K. government sanctioned three Russian spy units for their part in cyber operations and said it had identified malware developed by Kremlin hackers that had obtained 'persistent endpoint access to Microsoft cloud accounts by blending in with legitimate activity.'

Winner of the Week

Exein, a cyber startup that's created a 'digital immune system' for connected devices, has announced an $80 million Series C funding round. Founded in Italy, its security tech is aimed at providers of so-called Internet-of-Things devices, from routers to smart TVs.

Loser of the Week

New Jersey man Navin Khanna has pleaded guilty to running a criminal enterprise that stole thousands of catalytic converters from vehicles and sold them on, making as much as $600 million in the process. Such converters are designed to reduce toxic pollutants from car exhausts. Khanna found he could sell them to a metal refinery that extracted precious metals to make his fortune.

Thousands report issues with Microsoft Outlook email in apparent outage

New York Post

10-07-2025

  • New York Post

Thousands of users reported issues accessing their Outlook email accounts as Microsoft appeared to suffer an outage Thursday morning. More than 2,100 customers reported trouble with their Outlook accounts by approximately 9:30 a.m. ET, according to Another 250 reported issues across Microsoft 365, which includes office programs like Skype and Sharepoint.

Many complaints reported an inability to log in to Microsoft accounts. Microsoft did not immediately respond to The Post's request for comment.

ChatGPT introduces record mode and connectors with Google Drive and DropBox for enterprises

The Hindu

05-06-2025

  • Business
  • The Hindu

OpenAI has announced new features for ChatGPT business users including connectors and a recording feature for meetings. Users will be able to connect ChatGPT with DropBox, Sharepoint, OneDrive, Google Drive and Box to look for specific data without leaving ChatGPT. 'For example, a researcher could use the Box connector to quickly retrieve quarterly sales metrics from PDFs or spreadsheets stored in Box. ChatGPT will structure and clearly present the data - and respect your organization's existing permissions on the user level - from those documents, with citations,' the announcement made by the company said. Admins will be able to choose which connectors to enable at the workspace level by hierarchy.

Meanwhile, Record mode in ChatGPT helps users record and transcribe meetings, generate clear notes, timestamp citations, and offer AI-powered suggestions. Users will be able to recall past decisions and follow-up actions from documents and saved files and even turn recorded discussions into actionable items as a Canvas document, ChatGPT's interface for writing and coding.

Additionally, the beta for deep research connectors is now available with HubSpot, Linear, as well as many popular Microsoft and Google tools. 'These build on Deep Research, an agent that conducts multi-step research for complex tasks, by gathering, synthesizing, and presenting information from third-party tools and the web,' the company stated. Connectors are currently available to all Team, Enterprise, and Edu users. Customers can also use model context protocol (MCP) to connect to other tools for deep research. MCP support will be available to Pro, Team, and Enterprise users.
