Chinese hackers race to target Microsoft SharePoint vulnerability, tech giants say
The identities of which organizations have been hacked are still not public, but they are increasing and include multiple government agencies around the world, Charles Carmakal, the chief technology officer at Mandiant, Google's cloud security service, told NBC News.
SharePoint works as a shared version of Microsoft Office, letting people in the same organization directly collaborate.
The flaw in the software — initially classified as a 'zero day,' because there was not a patch for victims to defend themselves when it was first discovered — lets hackers gain significant access to the computers of organizations that host SharePoint. Cloud customers were not affected.
Microsoft announced Saturday that the flaw was being exploited but only made a downloadable fix for it available Monday, prompting a scramble for organizations to patch it while capable hackers hurried to find additional victims who hadn't protected themselves.
The incident echoes one in 2021, when a flaw in another Microsoft product, the email program Exchange, allowed a similar mad dash of hacking. In that case, the U.S. formally accused China of snooping on government emails, but a review board also blamed Microsoft for allowing it to happen.
In a blog post published Tuesday morning, Microsoft said at least three Chinese hacking groups, two of which are associated with Chinese intelligence, have been exploiting the flaw.
The U.S. government and its allies, as well as Western cybersecurity companies, routinely attribute cyber espionage efforts to China, which often downplays the accusations. A spokesperson for China's Embassy in Washington did not directly deny that Chinese intelligence has been using the exploit, but said, 'Cyber attacks are a common threat faced by all countries, China included.'
'China firmly opposes and combats all forms of cyber attacks and cyber crime — a position that is consistent and clear,' the spokesperson said.
Neither the White House nor the Cybersecurity and Infrastructure Security Agency, which protects U.S. federal networks, responded to a request for comment.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Reuters
an hour ago
- Reuters
US nuclear weapons agency breached in Microsoft SharePoint hack, Bloomberg News reports
July 22 (Reuters) - U.S. National Nuclear Security Administration was among those breached by a hack of Microsoft's (MSFT.O), opens new tab SharePoint document management software, Bloomberg News reported on Tuesday, citing a person with knowledge of the matter. Bloomberg reported that no sensitive or classified information is known to have been compromised in the attack on the National Nuclear Security Administration, the agency responsible for maintaining and designing the nation's cache of nuclear weapons. Reuters could not immediately verify the report. The U.S. Energy Department, U.S. Cybersecurity and Infrastructure Security Agency, and Microsoft did not immediately respond to request for comments from Reuters.
Daily Mail
an hour ago
- Daily Mail
Tide turns against return-to-office refuseniks
For the first time since the pandemic more than half of Fortune 100 companies now demand staff be present in the office five days a week. It is a decisive repositioning with only 5 percent of the same companies demanding a total return to the office just two years ago in 2023. Now 54 percent of companies that make up the Fortune 100 - the biggest companies in America - are fully in-office and 41 percent are flexible. Larger companies are leading the charge, with smaller operations still favoring flexible work, new data has revealed. Starbucks has been among the recent household names that have demanded its corporate workers return to its Seattle headquarters for at least four days a week. Google and Amazon have also pushed their employees to come back to in-person work, citing alleged productivity benefits. Corporate real estate remains a tale of two markets with high end rents in Miami, New York City and San Francisco at record highs, according to the report. However, office vacancies across the country continue to persist at more than 22 percent. The amount of office space available has fallen by 700,000 square feet in the last quarter alone, the report from commercial real estate and investment management company Jones Lang LaSalle (JLL) revealed. The dramatic drop indicates the effect of demolitions and the growing number of office buildings that have been converted into apartment blocks. The largest companies can afford to pay for slick buildings with luxury amenities to lure their workers back. Smaller companies, on the other hand, are less inclined to pay rents for an older building their staff are reluctant to visit. Other than the biggest companies in the country, most firms are actually maintaining their flexible working policies. Some 51 percent of employees with remote-capable jobs were working hybrid in 2025, down slightly from 52 percent in 2023, according to recent data from Gallup Poll. The story looks similar for those working completely remotely, with 28 percent working exclusively at home now compared to 29 percent in 2023. Experts argue that the biggest companies in America are pushing for workers to return to the office even if they lose talent because they can afford to do so. 'Amazon can lose 1,000 talented IT workers with no problem,' Mark Ma, associate professor of business administration at the University of Pittsburgh, told Fortune. 'There is still a lineup of young college graduates from maybe Carnegie Mellon or other excellent universities who still want to work for Amazon because that's the Magnificent Seven,' he explained. 'But the smaller firms, it is harder for them to do it because once they lose some important employees, maybe no one else in their firm can do the job.' It comes as separate data from JLL revealed that Gen Z, who have been characterized by many as work shy, are actually the most eager to get back into the office. Those born between 1997 and 2012 attend the office 3.1 days a week, compared to older age groups who show up between 2.5 and 2.7 days a week, a survey from the company found.
Reuters
2 hours ago
- Reuters
Key moments in EU-China trade frictions
BEIJING, July 22 (Reuters) - Chinese and European Union leaders will meet in Beijing on Thursday for a summit marking 50 years of diplomatic ties. Here is a timeline of EU-China trade tensions in recent years. Mar 22, 2021 - The EU sanctions four Chinese officials over alleged human rights abuses in Xinjiang, its first significant sanctions on China since the 1989 Tiananmen Square crackdown. China sanctions 10 EU politicians and think tanks in response. May 20, 2021 - The European Parliament halts ratification of a comprehensive investment pact with China following Beijing's sanctions. Dec 3, 2021 - China imposes an unannounced embargo on Lithuanian exports, after Vilnius allowed Taiwan to open a de facto embassy. Mar 30, 2023 - European Commission President Ursula von der Leyen says the EU must "de-risk" from trade and supply chain dependencies on China. Sep 13, 2023 - The EU launches an anti-subsidy probe into Chinese EV exports to assess whether to impose punitive tariffs. Jan 5, 2024 - China opens an anti-dumping investigation into brandy imports from the EU. Apr 9, 2024 - The EU announces an investigation into subsidies received by Chinese suppliers of wind turbines. Jun 17, 2024 - China opens an anti-dumping investigation into pork and its by-products from the EU. Aug 21, 2024 - China opens an anti-subsidy probe into dairy imports from the EU. Oct 8, 2024 - China imposes temporary anti-dumping tariffs on EU brandy, hitting brands from Hennessy to Remy Martin. Oct 29, 2024 - The EU approves imposing extra tariffs of up to 35.3% on Chinese-made EVs for five years, but negotiations continue. Jan 20, 2025 - On the day of U.S. President Donald Trump's inauguration, Von der Leyen says the EU should "expand trade and investment ties" with China where possible, in an apparent softening of Brussels' stance. Apr 30, 2025 - China lifts sanctions on some EU lawmakers and institutions imposed in 2021. Jun 20, 2025 - The EU bars Chinese companies from participating in public tenders for medical device purchases exceeding five million euros. Jul 4, 2025 - China spares major cognac producers from duties of up to 34.9% on European brandy imports. Jul 6, 2025 - China retaliates with restricting government purchases of medical devices from the EU that exceed 45 million yuan ($6.3 million) in value. Jul 8, 2025 - Von der Leyen accuses China of flooding global markets with overcapacity and enabling Russia's war economy in a fiery speech at the EU Parliament.
