Microsoft says some SharePoint server hackers now use ransomware
A hacking campaign targeting Microsoft's server software now involves the deployment of ransomware, Microsoft said in a blog post on July 23.
In the post, citing 'expanded analysis and threat intelligence,' Microsoft said a group it dubs Storm-2603 is using the vulnerability to seed the ransomware, which typically works by paralysing victims' networks until a digital currency payment is made.
The disclosure marks a potential escalation in the campaign, which has already hit at least 400 victims, according to Netherlands-based cybersecurity firm Eye Security. Unlike typical state-backed hacker campaigns, which are aimed at stealing data, ransomware can cause widespread disruption depending on where it lands. The figure of 400 victims represents a sharp rise from the 100 organisations cataloged over the weekend. Eye Security says the figure is likely an undercount.
'There are many more, because not all attack vectors have left artifacts that we could scan for,' said Mr Vaisha Bernard, the chief hacker for Eye Security, which was among the first organisations to flag the breaches.
The details of most of the victim organisations have not yet been fully disclosed, but a representative for the National Institutes of Health confirmed on July 23 that one of the organisation's servers had been compromised.
'Additional servers were isolated as a precaution,' he said. The news of the compromise was first reported by the Washington Post. The spy campaign kicked off after Microsoft failed to fully patch a security hole in its SharePoint server software, setting off a scramble to fix the vulnerability when it was discovered. Microsoft and its tech rival, Google owner Alphabet, have both said Chinese hackers are among those taking advantage of the flaw. Beijing has denied the claim. REUTERS
Related Articles

Straits Times
Microsoft probing whether cyber alert tipped off Chinese hackers
Microsoft is looking into whether a leak from its early alert system led to the widespread exploitation of vulnerabilities in the SharePoint software.
Microsoft is investigating whether a leak from its early alert system for cybersecurity companies allowed Chinese hackers to exploit flaws in its SharePoint service before they were patched, according to people familiar with the matter. The technology company is looking into whether the programme – designed to give cybersecurity experts a chance to fix computer systems before the revelation of new security concerns – led to the widespread exploitation of vulnerabilities in its SharePoint software globally over the past several days, the people said, asking not to be identified discussing private matters. 'As part of our standard process, we'll review this incident, find areas to improve, and apply those improvements broadly,' a Microsoft spokesperson said in a statement, adding that partner programmes are an important part of the company's security response. The Chinese embassy in Washington referred to comments made by foreign affairs ministry spokesman Guo Jiakun to media earlier this week, opposing hacking activities. 'Cybersecurity is a common challenge faced by all countries and should be addressed jointly through dialogue and cooperation,' Mr Guo said. 'China opposes and fights hacking activities in accordance with the law. At the same time, we oppose smears and attacks against China under the excuse of cybersecurity issues.' Microsoft has attributed SharePoint breaches to state-sponsored hackers from China, and at least a dozen Chinese companies participate in the initiative, called the Microsoft Active Protections Program, or MAPP, according to Microsoft's website. Members of the 17-year-old programme must prove they are cybersecurity vendors and that they don't produce hacking tools like penetration testing software.
After signing a non-disclosure agreement, they receive information about novel patches to vulnerabilities 24 hours before Microsoft releases them to the public. A subset of more highly-vetted users receive notifications of an incoming patch five days earlier, according to Microsoft's MAPP website. Mr Dustin Childs, head of threat awareness for the Zero Day Initiative at cybersecurity company Trend Micro, says Microsoft alerted members of the program about the vulnerabilities that led to the SharePoint attacks. 'These two bugs were included in the MAPP release,' says Mr Childs, whose company is a MAPP member. 'The possibility of a leak has certainly crossed our minds.' He adds that such a leak would be a dire threat to the program, 'even though I still think MAPP has a lot of value'. Victims of the attacks now total more than 400 government agencies and corporations worldwide, including the US's National Nuclear Security Administration, the division responsible for designing and maintaining the country's nuclear weapons. For at least some of the attacks, Microsoft has blamed Linen Typhoon and Violet Typhoon, groups sponsored by the Chinese government, as well as another China-based group it calls Storm-2603. In response to the allegations, the Chinese Embassy has said it opposes all forms of cyberattacks, while also objecting to 'smearing others without solid evidence'. Mr Dinh Ho Anh Khoa, a researcher who works for the Vietnamese cybersecurity firm Viettel, revealed that SharePoint had unknown vulnerabilities in May at Pwn2Own, a conference in Berlin run by Mr Childs' organisation where hackers sit on stage and search for critical security vulnerabilities in front of a live audience. After the public demonstration and celebration, Mr Khoa headed to a private room with Childs and a Microsoft representative, Mr Childs said. Mr Khoa explained the exploit in detail and handed over a full white paper. 
Microsoft validated the research and immediately began working on a fix. Mr Khoa won US$100,000 (S$128,160) for the work. It took Microsoft about 60 days to come up with a fix. On July 7, the day before it released a patch publicly, hackers attacked SharePoint servers, cybersecurity researchers said. It is possible that hackers found the bugs independently and began exploiting them on the same day that Microsoft shared them with MAPP members, says Mr Childs. But he adds that this would be an incredible coincidence. The other obvious possibility is that someone shared the information with the attackers. The leak of news of a pending patch would be a substantial security failure, but 'it has happened before,' says Mr Jim Walter, senior threat researcher at the cyber firm SentinelOne. MAPP has been the source of alleged leaks as far back as 2012, when Microsoft accused Hangzhou DPtech Technologies, a Chinese network security company, of disclosing information that exposed a major vulnerability in Windows. Hangzhou DPtech was removed from the MAPP group. At the time, a Microsoft representative said in a statement that it had also 'strengthened existing controls and took actions to better protect our information'. In 2021, Microsoft suspected at least two other Chinese MAPP partners of leaking information about vulnerabilities in its Exchange servers, leading to a global hacking campaign that Microsoft blamed on a Chinese espionage group called Hafnium. It was one of the company's worst breaches ever – tens of thousands of Exchange servers were hacked, including at the European Banking Authority and the Norwegian Parliament. Following the 2021 incident, the company considered revising the MAPP program, Bloomberg previously reported. But it did not disclose whether any changes were ultimately made or whether any leaks were discovered.
A 2021 Chinese law mandates that any company or security researcher who identifies a security vulnerability must report it within 48 hours to the government's Ministry of Industry and Information Technology, according to an Atlantic Council report. Some of the Chinese companies that remain involved in MAPP, such as Beijing CyberKunlun Technology, are also members of a Chinese government vulnerabilities programme, the China National Vulnerability Database, which is operated by the country's Ministry of State Security, according to Chinese government websites. Mr Eugenio Benincasa, a researcher at ETH Zurich's Center for Security Studies, says there is a lack of transparency about how Chinese companies balance their commitments to safeguard vulnerabilities shared by Microsoft with requirements that they share information with the Chinese government. 'We know that some of these companies collaborate with state security agencies and that the vulnerability management system is highly centralised,' says Mr Benincasa. 'This is definitely an area that warrants closer scrutiny.' BLOOMBERG
Business Times
China's Premier Li Qiang proposes global AI cooperation organisation
[SHANGHAI] Chinese Premier Li Qiang on Saturday (Jul 26) proposed establishing an organisation to foster global cooperation on artificial intelligence (AI), calling on countries to coordinate on the development and security of the fast-evolving technology. Speaking at the opening of the annual World Artificial Intelligence Conference (Waic) in Shanghai, Li called AI a new engine for growth, but added that governance is fragmented, emphasising the need for more coordination between countries to form a globally recognised framework for AI. The three-day event brings together industry leaders and policymakers at a time of escalating technological competition between China and the United States, the world's two largest economies, with AI emerging as a key battleground. 'Currently, overall global AI governance is still fragmented. Countries have great differences, particularly in terms of areas such as regulatory concepts, institutional rules,' Li said. 'We should strengthen coordination to form a global AI governance framework that has broad consensus as soon as possible,' he said. Washington has imposed export restrictions on advanced technology to China, including the most high-end AI chips made by companies such as Nvidia and chipmaking equipment, citing concerns that the technology could enhance China's military capabilities. Despite these restrictions, China has continued making AI breakthroughs that have drawn close scrutiny from US officials. Li did not name the United States in his speech, but he warned that AI could become an 'exclusive game' for a few countries and companies, and said challenges included an insufficient supply of AI chips and restrictions on talent exchange. China wanted to share its development experience and products with other countries, especially those in the Global South, Li said.
Waic is an annual government-sponsored event in Shanghai that typically attracts major industry players, government officials, researchers and investors. Tesla CEO Elon Musk, who has in past years regularly appeared at the opening ceremony both in-person and via video, did not speak this year. Besides forums, the conference also features exhibitions where companies demonstrate their latest innovations. This year, more than 800 companies are participating, showcasing more than 3,000 high-tech products, 40 large language models, 50 AI-powered devices and 60 intelligent robots, according to organisers. The exhibition features predominantly Chinese companies, including tech giants Huawei and Alibaba and startups such as humanoid robot maker Unitree. Western participants include Tesla, Alphabet and Amazon. REUTERS

Straits Times
'US needs China's fireworks': No alternative for some Chinese goods amid trade uncertainty
LIUYANG/YIWU - Fourth of July celebrations in the United States might have just passed, but Chinese businessman Marx Wu is already prepared for a dampening effect of tariffs on sales of his fireworks to American customers for the festivities in 2026. This is due to the additional 30 per cent tariffs that US President Donald Trump has been imposing on China – since the outbreak of a trade war between the two countries in April – in a bid to bring back manufacturing to the US. 'Customers will be more cautious because their costs have increased significantly,' Mr Wu told The Straits Times. His company, Magnus Fireworks, is based in Liuyang, Hunan province, which is dubbed China's 'fireworks' hometown' for its expertise in manufacturing pyrotechnics. The US government now collects a 35.7 per cent tax from American importers for fireworks from China. The bulk of these sales are meant for the annual US Independence Day celebrations synonymous with fireworks displays. Such orders are typically made a year in advance. But Mr Wu, who sells mainly to the US, remains optimistic about his business' viability in the longer-term, because the strengths of the Chinese industry in Liuyang cannot be easily replicated elsewhere, he said. When unpacking the impacts of Trump's aggressive tariff strategy on Chinese manufacturers, it is a mixed picture on the ground.
Mr Marx Wu with some of his company's firework products for US Independence Day celebrations at his office in Liuyang, Hunan province. ST PHOTO: LIM MIN ZHANG
On the one hand, Mr Trump's move to impose tariffs across the board on Chinese goods in April has led to factory closures and worker lay-offs in certain sectors such as the garment industry, and accelerated moves to diversify away from the US market for other exporters. On the other hand, there are other products which simply have few to no alternatives to 'made in China', because the country's manufacturers are overwhelmingly competitive, say experts. When Mr Trump proclaimed 'Liberation Day' on April 2 with 'reciprocal tariffs' on the US' trading partners, Beijing and Washington engaged in a tit-for-tat tariff war. At one point, American importers had to pay a 145 per cent tax on Chinese goods. But bilateral trade talks since May 12 have de-escalated the situation. US and Chinese officials are set to meet in Stockholm next week (from July 27) to discuss a possible extension of a 90-day truce. The fireworks industry presents a case study showing how, despite trade tensions and strategic competition, the US and China remain economically intertwined. While US businesses now adopt a cautious approach in placing orders, the deals have continued to flow as Chinese manufacturers remain competitive. Liuyang has over decades accumulated the technical know-how, the quality of its raw materials, proper regulatory oversight and strict transportation requirements, Mr Wu said. Factories dot the surrounding mountainous terrain of the city, about an hour's drive from the inland Hunan capital of Changsha.
Production has to stop for about a month for safety reasons every summer because of the heat. 'America needs fireworks – this will not change,' said Mr Wu. 'At the very most, they will buy fewer, but they will not stop buying completely. In addition, we have good relations with our customers who trust in our products, and they also believe that this (tariffs issue) is temporary.'
Screenshot from a video Mr Wu took of a Fourth of July fireworks celebration in Ohio earlier in July. His company's products were used. PHOTO: MARX WU
According to the American Pyrotechnic Association, 90 per cent of professional display fireworks used in the US are imported from China. Reports say that US companies import close to US$400 million worth of consumer fireworks from China each year. More than 200 other imported products depend on China for more than 90 per cent of their supply, including baby carriages, vacuum flasks, umbrellas and artificial plants. Mr Stephen Olson, a visiting senior fellow at the ISEAS-Yusof Ishak Institute in Singapore who specialises in international trade, said that despite all the conflicts and tension, trade between the US and China has remained remarkably resilient. Although China's exports to the US declined in the first half of the year, China remains among the US' largest trade partners and will continue to be so for the foreseeable future, he said. China's exports to the US declined by 10.7 per cent in the first half of 2025, compared to the same period in 2024, a drop of US$25.7 billion. 'Trump's tariffs have undoubtedly dented China's cost competitiveness but the resilience of China's exports reflect the simple fact that China is the world's preeminent manufacturer and is overwhelmingly competitive in a host of consumer products and industrial inputs. It's simply not possible to cut China entirely out of US consumer markets or supply chains,' Mr Olson said.
Mr Steve Houser, president of Missouri-based Red Rhino Fireworks who was on a work trip to China, said he has already placed his orders for 2026, but added that he – like other major importers – is doing so much more cautiously. 'I'm being very particular on what I order. I'm ordering only what I really, really need. I'm not really taking chances on other things because of the tariff rates; the goods are costing me a lot more,' he told ST. He said that the National Fireworks Association in the US was recently in Washington DC to make the case that fireworks should be exempt from the across-the-board tariffs of 30 per cent, as there are no viable alternative suppliers from other countries. Apart from the fireworks business, the US-China trade war has resulted in uncertainty for many exporters, such as those in Yiwu, of Zhejiang province, which is home to the world's largest wholesale market for small commodities. The sprawling Yiwu International Trade City hosts more than 70,000 shops selling products from cosmetics to stationery, backpacks and Christmas decorations. Most shops that stocked Halloween and Christmas decorations at the trade city declined to speak with ST in early July, when it is usually the peak sales season for these products. A few shop owners would only say that business is slower in 2025, while others said they were not authorised to speak with the media.
Rows of dozens of shops at Yiwu International Trade City in Zhejiang province selling Christmas decorations were largely empty when ST visited in early July. ST PHOTO: LIM MIN ZHANG
Ms Guo Xiabing, an entrepreneur in Zhejiang who runs a factory making Christmas trees in Yiwu, said that typically, US customers are more able to afford higher-priced products, such as those with more fanciful ornaments. She shared about her factory's race to ship orders in the 90-day trade truce between the US and China in a documentary aired in June. 'Customers also do not want to give up on the orders.
But that also means that we are left hanging, not knowing when we can resume production and shipping. This type of uncertainty causes a lot of anxiety. Should we let go of the workers? How would we find jobs for them?' she said. Yet others have taken a longer-term view, and have long made efforts to diversify away from the US market. Chief executive of Aokai Sporting Goods in Yiwu, Mr Wu Xiaoming, who has been in the industry for 30 years, counts the South American and African markets as his major customers - at about 50 per cent and 20 per cent respectively - with the US market accounting for only about 5 per cent.
Chief executive of Aokai Sporting Goods in Yiwu, Mr Wu Xiaoming, inspecting a football bound for Nicaragua at his factory in Yiwu city, Zhejiang province. ST PHOTO: LIM MIN ZHANG
He recalled that there was one American customer who called him to resume an order on May 13, shortly after news of successful US-China trade talks in Geneva was announced, as well as to place a new order for 90,000 footballs. His orders from the US are mainly for supermarkets. 'For the US market, the volume is still there. But it is US consumers who have to bear the cost (of the tariffs). If you force us to lower our costs, it means the quality of the product suffers, so ultimately it's still the consumers who pay the bill,' Mr Wu said. He believes that diversification is necessary for his company's viability, not only because of trade frictions, but also due to other sources of instability. He cited examples such as a Croatian client that halted a shipment because of the Kosovo War in 1998, and how demand from Russia has plummeted because of the Ukraine war. 'There has not been a period where the entire world was completely at peace... In Yiwu, we engage in global trade. If the West doesn't shine, the East will.'