
Latest news with #LinenTyphoon

Financially motivated cluster a key player in ToolShell exploitation

Yahoo

19 hours ago



This story was originally published on Cybersecurity Dive.

A financially motivated threat actor has been involved in a cluster of activity linked to the ToolShell vulnerability in Microsoft SharePoint, researchers at Palo Alto Networks Unit 42 said Tuesday. The threat actor has developed a custom tool set that includes ransomware, a malicious backdoor called AK47C2, and loaders.

Microsoft in July said the financially motivated actor was the third known entity involved in the exploitation of SharePoint. The threat activity targeting SharePoint was initially linked to China-backed nation-state actors Linen Typhoon and Violet Typhoon; Microsoft has also been tracking the financially motivated actor under the name Storm-2603.

Unit 42 researchers say the financially motivated threat cluster, which it tracks as CL-CRI-1040, has a prior link to a LockBit 3.0 affiliate and has recently been operating a leak site called Warlock Client Leaked Data Show. The earliest version of the ransomware, known as AK47 or X2ANYLOCK, goes back to April. The ransomware is able to terminate several applications, encrypt specific files and drop ransom notes. Researchers admit, however, that there could be some level of cooperation between the financially motivated threat activity and the nation-state hackers.

The SharePoint exploitation has been among the most serious threat activity facing the United States in recent years. Several federal agencies in the U.S. were impacted by the hacking campaign, including the Department of Energy, the Department of Homeland Security, and the Department of Health and Human Services. Security researchers have confirmed at least 300 cases of compromise worldwide, though the vast majority of the targeted organizations have not disclosed any specific impacts.

Microsoft SharePoint suffers hack by Chinese groups

Tahawul Tech

29-07-2025



Microsoft has reported that their SharePoint servers have been hacked by Chinese 'threat actors' targeting the data of businesses using the service. China state-backed Linen Typhoon and Violet Typhoon as well as China-based Storm-2603 were said to have 'exploited vulnerabilities' in on-premises SharePoint servers, the kind used by firms, but not in its cloud-based service. The US tech giant has released security updates in response and has advised all on-premises SharePoint server customers to install them.

'China firmly opposes and combats all forms of cyber attacks and cyber crime,' China's US embassy spokesman said in a statement. 'At the same time, we also firmly oppose smearing others without solid evidence,' continued Liu Pengyu in the statement posted on X.

Microsoft said it had 'high confidence' the hackers would continue to target systems which have not installed its security updates. 'Investigations into other actors also using these exploits are still ongoing,' Microsoft said in a statement. It added that it would update its website blog with more information as its investigation continues. Microsoft said it had observed attacks in which hackers had sent a request to a SharePoint server 'enabling the theft of the key material by threat actors'. The UK's National Cyber Security Centre said this included 'a limited number' of SharePoint Server customers in the UK.

Charles Carmakal, Chief Technology Officer at Mandiant Consulting, a division of Google Cloud, told BBC News it was 'aware of several victims in several different sectors across a number of global geographies'. Carmakal said it appeared that governments and businesses that use SharePoint on their sites were the primary target. A number of adversaries who stole material encoded by cryptography were then able to regain ongoing access to the victims' SharePoint data, he said. 'This was exploited in a very broad way, very opportunistically before a patch was made available. That's why this is significant,' Carmakal said. Carmakal said the 'China-nexus actor' was deploying techniques similar to previous campaigns associated with Beijing.

Microsoft said Linen Typhoon had 'focused on stealing intellectual property, primarily targeting organisations related to government, defence, strategic planning, and human rights' for 13 years. It added that Violet Typhoon had been 'dedicated to espionage', primarily targeting former government and military staff, non-governmental organisations, think tanks, higher education, the media, the financial sector and the health sector in the US, Europe, and East Asia. Meanwhile, Storm-2603 was 'assessed with medium confidence to be a China-based threat actor'.

Source: BBC News

Microsoft probing if Chinese hackers learned SharePoint flaws through alert, Bloomberg News reports

Yahoo

27-07-2025



(Reuters) - Microsoft is investigating whether a leak from its early alert system for cybersecurity companies allowed Chinese hackers to exploit flaws in its SharePoint service before they were patched, Bloomberg News reported on Friday. A security patch Microsoft released this month failed to fully fix a critical flaw in the U.S. tech giant's SharePoint server software, opening the door to a sweeping global cyber espionage effort. In a blog post on Tuesday, Microsoft said two allegedly Chinese hacking groups, dubbed "Linen Typhoon" and "Violet Typhoon," were exploiting the weaknesses, along with a third, also based in China.

The tech giant is probing if a leak from the Microsoft Active Protections Program (MAPP) led to the widespread exploitation of vulnerabilities in its SharePoint software globally over the past several days, the report said. Microsoft said in a statement provided to Reuters that the company continually evaluates "the efficacy and security of all of our partner programs and makes the necessary improvements as needed."

A researcher with Vietnamese cybersecurity firm Viettel demonstrated the SharePoint vulnerability in May at the Pwn2Own cybersecurity conference in Berlin. The conference, put on by cybersecurity company Trend Micro's Zero Day Initiative, rewards researchers in the pursuit of ethically disclosing software vulnerabilities. The researcher, Dinh Ho Anh Khoa, was awarded $100,000 and Microsoft issued an initial patch for the vulnerability in July, but members of the MAPP program were notified of the vulnerabilities on June 24, July 3 and July 7, Dustin Childs, head of threat awareness for the Zero Day Initiative at Trend Micro, told Reuters Friday. Microsoft first observed exploit attempts on July 7, the company said in the Tuesday blog post.

Childs told Reuters that "the likeliest scenario is that someone in the MAPP program used that information to create the exploits." It's not clear which vendor was responsible, Childs said, "but since many of the exploit attempts come from China, it seems reasonable to speculate it was a company in that region."

It would not be the first time that a leak from the MAPP program led to a security breach. More than a decade ago, Microsoft accused a Chinese firm, Hangzhou DPTech Technologies Co., Ltd., of breaching its non-disclosure agreement and expelled it from the program. 'We recognize that there is the potential for vulnerability information to be misused,' Microsoft said in a 2012 blog post, around the time that information first leaked from the program. 'In order to limit this as much as possible, we have strong non-disclosure agreements (NDA) with our partners. Microsoft takes breaches of its NDAs very seriously.'

Any confirmed leak from MAPP would be a blow to the program, which is meant to give cyber defenders the upper hand against hackers who race to parse Microsoft updates for clues on how to develop malicious software that can be used against still-vulnerable users. Launched in 2008, MAPP was meant to give trusted security vendors a head start against the hackers, for example, by supplying them with detailed technical information and, in some cases, 'proof of concept' software that mimics the operation of genuine malware.

Microsoft probing if Chinese hackers learned SharePoint flaws through alert: Report

The Hindu

26-07-2025



Microsoft is investigating whether a leak from its early alert system for cybersecurity companies allowed Chinese hackers to exploit flaws in its SharePoint service before they were patched, Bloomberg News reported on Friday. A security patch Microsoft released this month failed to fully fix a critical flaw in the U.S. tech giant's SharePoint server software, opening the door to a sweeping global cyber espionage effort. In a blog post on Tuesday, Microsoft said two allegedly Chinese hacking groups, dubbed "Linen Typhoon" and "Violet Typhoon," were exploiting the weaknesses, along with a third, also based in China. The tech giant is probing if the program led to the widespread exploitation of vulnerabilities in its SharePoint software globally over the past several days, the report said. Microsoft did not immediately respond to a Reuters request for comment on the report.

Microsoft probing if Chinese hackers learned SharePoint flaws through alert: Report

Time of India

26-07-2025



Synopsis: A security patch Microsoft released this month failed to fully fix a critical flaw in the U.S. tech giant's SharePoint server software, opening the door to a sweeping global cyber espionage effort. In a blog post on Tuesday, Microsoft said two allegedly Chinese hacking groups, dubbed "Linen Typhoon" and "Violet Typhoon," were exploiting the weaknesses, along with a third, also based in China.
