Microsoft Accuses Chinese Hackers Of Exploiting Critical SharePoint Zero-Day Vulnerability In Massive Global Cyberattack Targeting Government Agencies, Businesses, And Sensitive Infrastructure

Jul 22, 2025 at 04:28pm EDT

Cyberattacks are becoming alarmingly frequent, particularly those that target big firms and exploit their security flaws. The latest case comes from Microsoft, which now accuses Chinese state-sponsored attackers of finding and exploiting gaps in its SharePoint document management software in a global cyberattack campaign. The tech giant went on to state that the targets of this espionage campaign are mainly businesses and government agencies, as well as their sensitive infrastructure. While the Chinese Embassy has firmly opposed the allegations and called them baseless, Microsoft remains adamant that its clients were actively targeted and, as a result, is currently issuing security patches to mitigate the threat.

Microsoft alleges that Chinese hackers exploited SharePoint flaws and carried out a global cyberattack campaign

Many U.S.-based tech companies are blaming Chinese hackers for exploiting vulnerabilities. This time around, it is Microsoft Corp. that published its findings in a blog post on Tuesday and blamed two Chinese government-backed groups, Linen Typhoon and Violet Typhoon, for having leveraged a security flaw in its on-premises SharePoint deployments, not the cloud-based service. Another hacking group, Storm-2603, was also called out for its alleged involvement in the exploitation. The company was quick to point out that the named threat actors have been involved in ransomware attacks.


Microsoft found a zero-day vulnerability in the self-managed versions of SharePoint servers. Because of this gap, the attackers were able to bypass authentication, take on user identities, and trick the system into believing they were, in fact, authorized users. The tech giant also pointed out that Microsoft's cloud-hosted SharePoint was not affected, and that the attacks began on July 7th, before the public was made aware of the flaw.

Microsoft warned its users that more actors are trying to exploit the flaw. Even Google's CTO chimed in to confirm that at least one of the actors responsible had links to China and that more hacking groups were trying to gain access through the vulnerability. Microsoft further said:

With the rapid adoption of these exploits, Microsoft assesses with high confidence that threat actors will continue to integrate them into their attacks.

The Chinese Embassy responded promptly to the accusations and flatly denied any involvement, calling them baseless. In a statement, it emphasized its opposition to such cyber crimes and said:

China firmly opposes all forms of cyberattacks and cybercrime. At the same time, we also firmly oppose smearing others without solid evidence.

It cannot be said with certainty whether Chinese hacking groups are involved. Nonetheless, Microsoft has released emergency patches to address the ongoing concern. It is also issuing more security fixes to make its systems more secure and protect against any further vulnerabilities being exploited.
