
Latest news with #Storm-2603

Risk highlighted as Chinese hackers hit Microsoft

The Hindu

5 days ago


Software giant Microsoft is at the centre of a cybersecurity storm after China-linked hackers exploited flaws in SharePoint servers to target hundreds of organisations. While such cyberattacks are not new, the scale of the onslaught and the speed with which the hackers took advantage of freshly discovered vulnerabilities is fuelling concern. Dutch startup Eye Security warned Saturday of online attacks targeting SharePoint file-sharing servers, with Microsoft quick to confirm the report and release patches to protect systems. The vulnerability allowed hackers to retrieve credentials and then access SharePoint servers kept at users' facilities, according to Microsoft. Cloud-based SharePoint software was safe from the problem, the company said. Eye Security determined that more than 400 computer systems were compromised by hackers during waves of attacks. Targets included government organisations in Europe, the Middle East and the United States, among them the U.S. nuclear weapons agency, media reports indicated. "On-premises SharePoint deployments - particularly within government, schools, healthcare and large enterprise companies - are at immediate risk," cybersecurity firm Palo Alto Networks warned in a note. Microsoft has not disclosed the number of victims in the attacks. SharePoint had more than 200 million active users as of 2020, according to the most recent figures available from Microsoft. Microsoft has attributed the cyberattacks to groups backed by China. The culprits are believed to include Chinese state actors known as Linen Typhoon and Violet Typhoon along with a group called Storm-2603 which "is considered with moderate confidence to be a threat actor based in China." The Typhoon groups have been active for a decade or more, and are known for intellectual property theft as well as espionage, according to Microsoft. Less was known about Storm-2603 and its motives.
"Investigations into other actors also using these exploits are ongoing," Microsoft said, urging users to patch SharePoint servers to avoid becoming hacking victims. Cybersecurity specialist Damien Bancal noted in a recent blog post that he found "ready-to-use exploit code" for the vulnerability at a popular website. The assault on SharePoint servers is the latest in a series of sophisticated attacks carried out by state-sponsored groups against "the Microsoft ecosystem," according to Bancal. In 2021, attacks by a Chinese hacker group known as Silk Typhoon compromised tens of thousands of email servers using Microsoft Exchange software. Microsoft's success at making its software commonplace in offices and homes also makes it a prime target for hackers out to steal money or information. Microsoft software can hold sensitive and valuable information. "It's not Microsoft that is being targeted, it's its customers," said Shane Barney, head of information security at US-based Keeper. Targeting Microsoft programmes is a means to an end, and tomorrow it could be software from another company, said Rodrigue Le Bayon, head of the Orange Cyberdefense computer emergency response team. China is not the only nation backing hacker operations as countries around the world hone cyber capabilities, according to Le Bayon. Nevertheless, China is repeatedly singled out by companies and governments hit by hacks. Western countries have accused hacker groups allegedly supported by China of conducting a global cyber espionage campaign against figures critical of Beijing, democratic institutions, and companies in various sensitive sectors.

Risk highlighted as Chinese hackers hit Microsoft

Mint

5 days ago


Software giant Microsoft is at the center of a cybersecurity storm after China-linked hackers exploited flaws in SharePoint servers to target hundreds of organizations. While such cyberattacks are not new, the scale of the onslaught and the speed with which the hackers took advantage of freshly discovered vulnerabilities is fueling concern. Dutch startup Eye Security warned Saturday of online attacks targeting SharePoint file-sharing servers, with Microsoft quick to confirm the report and release patches to protect systems. The vulnerability allowed hackers to retrieve credentials and then access SharePoint servers kept at users' facilities, according to Microsoft. Cloud-based SharePoint software was safe from the problem, the company said. Eye Security determined that more than 400 computer systems were compromised by hackers during waves of attacks. Targets included government organizations in Europe, the Middle East and the United States - among them the US nuclear weapons agency, media reports indicated. "On-premises SharePoint deployments - particularly within government, schools, healthcare and large enterprise companies - are at immediate risk," cybersecurity firm Palo Alto Networks warned in a note. Microsoft has not disclosed the number of victims in the attacks. SharePoint had more than 200 million active users as of 2020, according to the most recent figures available from Microsoft. Microsoft has attributed the cyberattacks to groups backed by China. The culprits are believed to include Chinese state actors known as Linen Typhoon and Violet Typhoon along with a group called Storm-2603 which "is considered with moderate confidence to be a threat actor based in China." The Typhoon groups have been active for a decade or more, and are known for intellectual property theft as well as espionage, according to Microsoft. Less was known about Storm-2603 and its motives.
"Investigations into other actors also using these exploits are ongoing," Microsoft said, urging users to patch SharePoint servers to avoid becoming hacking victims. Cybersecurity specialist Damien Bancal noted in a recent blog post that he found "ready-to-use exploit code" for the vulnerability at a popular website. The assault on SharePoint servers is the latest in a series of sophisticated attacks carried out by state-sponsored groups against "the Microsoft ecosystem," according to Bancal. In 2021, attacks by a Chinese hacker group known as Silk Typhoon compromised tens of thousands of email servers using Microsoft Exchange software. Microsoft's success at making its software commonplace in offices and homes also makes it a prime target for hackers out to steal money or information. Microsoft software can hold sensitive and valuable information. "It's not Microsoft that is being targeted, it's its customers," said Shane Barney, head of information security at US-based Keeper. Targeting Microsoft programs is a means to an end, and tomorrow it could be software from another company, said Rodrigue Le Bayon, head of the Orange Cyberdefense computer emergency response team. China is not the only nation backing hacker operations as countries around the world hone cyber capabilities, according to Le Bayon. Nevertheless, China is repeatedly singled out by companies and governments hit by hacks.

Risk highlighted as Chinese hackers hit Microsoft

Arab News

5 days ago


PARIS: Software giant Microsoft is at the center of a cybersecurity storm after China-linked hackers exploited flaws in SharePoint servers to target hundreds of organizations. While such cyberattacks are not new, the scale of the onslaught and the speed with which the hackers took advantage of freshly discovered vulnerabilities is fueling concern. Dutch startup Eye Security warned Saturday of online attacks targeting SharePoint file-sharing servers, with Microsoft quick to confirm the report and release patches to protect systems. The vulnerability allowed hackers to retrieve credentials and then access SharePoint servers kept at users' facilities, according to Microsoft. Cloud-based SharePoint software was safe from the problem, the company said. Eye Security determined that more than 400 computer systems were compromised by hackers during waves of attacks. Targets included government organizations in Europe, the Middle East and the United States — among them the US nuclear weapons agency, media reports indicated. 'On-premises SharePoint deployments — particularly within government, schools, health care and large enterprise companies — are at immediate risk,' cybersecurity firm Palo Alto Networks warned in a note. Microsoft has not disclosed the number of victims in the attacks. SharePoint had more than 200 million active users as of 2020, according to the most recent figures available from Microsoft. Microsoft has attributed the cyberattacks to groups backed by China. The culprits are believed to include Chinese state actors known as Linen Typhoon and Violet Typhoon along with a group called Storm-2603 which 'is considered with moderate confidence to be a threat actor based in China.' The Typhoon groups have been active for a decade or more, and are known for intellectual property theft as well as espionage, according to Microsoft. Less was known about Storm-2603 and its motives.
'Investigations into other actors also using these exploits are ongoing,' Microsoft said, urging users to patch SharePoint servers to avoid becoming hacking victims. Cybersecurity specialist Damien Bancal noted in a recent blog post that he found 'ready-to-use exploit code' for the vulnerability at a popular website. The assault on SharePoint servers is the latest in a series of sophisticated attacks carried out by state-sponsored groups against 'the Microsoft ecosystem,' according to Bancal. In 2021, attacks by a Chinese hacker group known as Silk Typhoon compromised tens of thousands of email servers using Microsoft Exchange software. Microsoft's success at making its software commonplace in offices and homes also makes it a prime target for hackers out to steal money or information. Microsoft software can hold sensitive and valuable information. 'It's not Microsoft that is being targeted, it's its customers,' said Shane Barney, head of information security at US-based Keeper. Targeting Microsoft programs is a means to an end, and tomorrow it could be software from another company, said Rodrigue Le Bayon, head of the Orange Cyberdefense computer emergency response team. China is not the only nation backing hacker operations as countries around the world hone cyber capabilities, according to Le Bayon. Nevertheless, China is repeatedly singled out by companies and governments hit by hacks. Western countries have accused hacker groups allegedly supported by China of conducting a global cyber espionage campaign against figures critical of Beijing, democratic institutions, and companies in various sensitive sectors.

Microsoft warns Chinese hackers targeting customers

Kuwait Times

5 days ago


SAN FRANCISCO: Chinese state-sponsored hackers are actively exploiting critical security vulnerabilities in users of Microsoft's popular SharePoint servers to steal sensitive data and deploy malicious code, the US tech giant warned Tuesday. Microsoft said it has observed three threat groups (dubbed Linen Typhoon, Violet Typhoon, and Storm-2603) targeting internet-facing SharePoint servers using two newly disclosed vulnerabilities that allow attackers to bypass authentication and execute remote code. SharePoint Server is Microsoft's collaboration and document management platform designed for businesses and organizations. Many large organizations use SharePoint as their primary platform for internal collaboration and for storing documents, and it is appreciated for working well with other Microsoft products like Office, Teams, and Outlook. The attacks, which Microsoft said began as early as July 7, affect only on-premises SharePoint installations and do not impact the cloud-based SharePoint Online service, the company said in a security bulletin. Microsoft warned that it 'assesses with high confidence' that the threat actors will continue their assault against vulnerable systems where companies haven't taken the necessary precautions. The vulnerabilities allow attackers to spoof authentication credentials and execute malicious code remotely on vulnerable servers. Microsoft has released comprehensive security updates to address the malware and urged customers to apply the patches immediately. In their successful attacks, the Chinese hackers deployed malicious code that provides backdoor access to compromised systems. The attackers used these tools to steal machine encryption keys and maintain access to targeted networks. Linen Typhoon, active since 2012, primarily focuses on intellectual property theft from government, defense, and human rights organizations.
Violet Typhoon, operating since 2015, conducts espionage against former government officials, NGOs, think tanks, and media organizations across the United States, Europe, and East Asia. Storm-2603, which Microsoft assesses with 'medium confidence' to be China-based, has previously deployed ransomware but its current objectives remain unclear. Research from cybersecurity company Check Point said the campaign began on July 7 against a major Western government and that the attacks intensified dramatically around July 18. Since then, researchers have confirmed dozens of compromise attempts primarily targeting organizations in North America and Western Europe, Check Point said in a blog post. –AFP

Microsoft confirms Chinese cyber groups behind major SharePoint exploit; US agencies and global companies among affected

Mint

5 days ago


Three China-linked cyber espionage groups have been implicated in a major hacking campaign that has compromised a wide range of organisations globally, including multiple US government agencies. The cyberattack, which exploits critical vulnerabilities in Microsoft's widely used SharePoint server software, has prompted urgent investigations by federal officials and private security experts, according to a report by Politico. Microsoft confirmed in a recent blog post that the three threat actors, identified as Violet Typhoon, Linen Typhoon, and Storm-2603, are actively involved in the campaign. These groups are believed to be state-affiliated and have been previously associated with cyber operations targeting Western interests. Two US officials, speaking on condition of anonymity due to the sensitivity of the situation, disclosed that at least four to five federal agencies have been affected, though the full scale of the breach remains unclear. 'More than one' agency had been confirmed as compromised as of Monday, one of the officials added. The attackers are exploiting a serious flaw in customer-managed, on-premises versions of Microsoft SharePoint, a collaborative platform used extensively across government and corporate sectors. Microsoft stated that the cloud-hosted versions of SharePoint are not impacted by the vulnerability. Since the breach was detected over the weekend, both federal cybersecurity teams and private analysts have been working to contain the damage. Microsoft said it is confident the threat actors will continue to exploit unpatched systems, warning of the urgent need for organisations to update their software. The tech giant has said it is working closely with the US Cybersecurity and Infrastructure Security Agency (CISA), the Department of Defense's Cyber Defence Command, and international cybersecurity partners to mitigate the threat. 
A CISA spokesperson noted that Microsoft had been 'responding quickly' since the agency first raised the alarm. This latest breach adds to a growing list of high-profile cybersecurity incidents involving Microsoft and suspected Chinese hackers. In 2023, attackers linked to China reportedly accessed email accounts belonging to the US ambassador to China and the US Commerce Secretary by exploiting a string of Microsoft security flaws, shortcomings that were later criticised by a federal review board. More recently, the Pentagon announced it would reassess all its cloud services after it emerged that Chinese-based engineers had been providing technical assistance for sensitive US military systems.
