
Microsoft knew of SharePoint security flaw but failed to effectively patch it, timeline shows
A Microsoft spokesperson confirmed on Tuesday that its initial solution did not work. The spokesperson added that Microsoft had released further patches that fixed the issue.
It remains unclear who is behind the ongoing operation, which targeted around 100 organisations over the weekend and is expected to escalate as other hackers join the fray. Microsoft said in a blog post that two allegedly Chinese hacking groups, dubbed "Linen Typhoon" and "Violet Typhoon," were exploiting the vulnerabilities, along with another China-based hacking group.
Microsoft and Alphabet's (GOOGL.O) Google have said that China-linked hackers were likely behind the first wave of hacks.
Chinese government-linked operatives are regularly implicated in cyberattacks, but Beijing routinely denies carrying out hacking operations. In an emailed statement, the Chinese embassy in Washington said China opposes all forms of cyberattacks, and "smearing others without solid evidence."
The vulnerability that facilitated the attack was first identified in May at a hacking competition in Berlin organised by cybersecurity firm Trend Micro (4704.T), which offered cash bounties for the discovery of computer bugs in popular software.
It offered a $100,000 prize for "zero-day" exploits - so called because they leverage previously undisclosed digital weaknesses - that could be used against SharePoint, Microsoft's flagship document management and collaboration platform.
A researcher working for the cybersecurity arm of Viettel, a telecommunications firm operated by Vietnam's military, identified a SharePoint bug at the event, dubbed it "ToolShell" and demonstrated a method of exploiting it.
The researcher was awarded $100,000 for the discovery, according to a post on X by Trend Micro's "Zero Day Initiative."
In a statement, Trend Micro said it was the responsibility of vendors participating in its competition to patch and disclose security flaws in "an effective and timely manner."
"Patches will occasionally fail. This has happened with SharePoint in the past," the statement said.
Microsoft said in a July 8 security update that it had identified the bug, listed it as a critical vulnerability, and released patches to fix it.
About 10 days later, however, cybersecurity firms started to notice an influx of malicious online activity targeting the same software the bug sought to exploit: SharePoint servers.
"Threat actors subsequently developed exploits that appear to bypass these patches," British cybersecurity firm Sophos said in a blog post on Monday.
The pool of potential ToolShell targets remains vast.
According to data from Shodan, a search engine that helps identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers.
Those servers include major industrial firms, banks, auditors, healthcare companies, and several U.S. state-level and international government entities.
The Shadowserver Foundation, which scans the internet for potential digital vulnerabilities, put the number at a little more than 9,000, while cautioning that the figure was a minimum.
It said most of those affected were in the United States and Germany, and the victims included government organisations.
Germany's federal office for information security, BSI, said on Tuesday it had found SharePoint servers within government networks that were vulnerable to the ToolShell attack but none had been compromised.