Microsoft SharePoint suffers hack by Chinese groups
China state-backed Linen Typhoon and Violet Typhoon as well as China-based Storm-2603 were said to have 'exploited vulnerabilities' in on-premises SharePoint servers, the kind used by firms, but not in its cloud-based service.
The US tech giant has released security updates in response and has advised all on-premises SharePoint server customers to install them.
'China firmly opposes and combats all forms of cyber attacks and cyber crime,' China's US embassy spokesman said in a statement. 'At the same time, we also firmly oppose smearing others without solid evidence,' continued Liu Pengyu in the statement posted on X.
Microsoft said it had 'high confidence' the hackers would continue to target systems which have not installed its security updates. 'Investigations into other actors also using these exploits are still ongoing,' Microsoft said in a statement.
It added that it would update its website blog with more information as its investigation continues. Microsoft said it had observed attacks in which hackers had sent a request to a SharePoint server 'enabling the theft of the key material by threat actors'.
The UK's National Cyber Security Centre said this included 'a limited number' of SharePoint Server customers in the UK.
Charles Carmakal, Chief Technology Officer at Mandiant Consulting firm, a division of Google Cloud, told BBC News it was 'aware of several victims in several different sectors across a number of global geographies'. Carmakal said it appeared that governments and businesses that use SharePoint on their sites were the primary target.
A number of adversaries who stole material encoded by cryptography were then able to regain ongoing access to the victims' SharePoint data, he said.
'This was exploited in a very broad way, very opportunistically before a patch was made available. That's why this is significant,' Carmakal said. Carmakal said the 'China-nexus actor' was deploying techniques similar to previous campaigns associated with Beijing.
Microsoft said Linen Typhoon had 'focused on stealing intellectual property, primarily targeting organisations related to government, defence, strategic planning, and human rights' for 13 years.
It added that Violet Typhoon had been 'dedicated to espionage', primarily targeting former government and military staff, non-governmental organisations, think tanks, higher education, the media, the financial sector and the health sector in the US, Europe, and East Asia.
Meanwhile, Storm-2603 was 'assessed with medium confidence to be a China-based threat actor'.
Source: BBC News
Image Credit: Microsoft
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Zawya
44 minutes ago
- Zawya
UK services sector orders fall by most since 2022, PMI shows
LONDON - Businesses in Britain's services sector reported the biggest drop in new orders in July since November 2022 and cut staffing by the most in six months, according to a survey on Tuesday that may add to the Bank of England's worries about growth. Britain's central bank is widely expected to cut interest rates to 4% on Thursday from 4.25%, its fifth cut in the current cycle, though some policymakers may vote to keep rates on hold as inflation has climbed well above its 2% target. July's S&P Global Purchasing Managers' Index for the services sector dropped to 51.8 from June's 52.8 - a smaller drop than fall to 51.2 originally reported. The composite PMI, which includes last week's stronger manufacturing data, was revised up to 51.5 from 51.0. But new business fell sharply. That component dropped below the 50 level that divides growth from contraction for the first time since October 2023, falling to 47.7 from 51.3, the lowest since November 2022 when businesses had been unsettled by high inflation and Prime Minister Liz Truss' budget plans. "Risk aversion and low confidence among clients were the main reasons provided for sluggish sales pipelines, alongside an unfavourable global economic backdrop," S&P Global Market Intelligence's economics director, Tim Moore, said. The employment component fell to 45.6 from 47.0, its lowest since February, which S&P said reflected "hiring freezes and redundancies in response to subdued demand and robust input cost inflation". Britain's Labour government increased employer's social security contributions with effect from April as well as approving a near 7% rise in the minimum wage, and plans new legislation that will make it harder to sack workers in their first two years. Official data showed Britain's unemployment rate in the three months to May rose to a four-year high of 4.7%, while economic output shrank in both April and May. Despite this, S&P said businesses were more upbeat about the year ahead. The index for future activity rose to 65.9 from 64.4, their second-highest level since October, due to "receding concerns about U.S. tariffs and hopes of a boost to business and consumer spending from interest rate cuts," Moore said.
Zawya
44 minutes ago
- Zawya
Global M&A hits $2.6trln peak year-to-date, boosted by AI and quest for growth
LONDON - Global dealmaking has reached $2.6 trillion, the highest for the first seven months of the year since the 2021 pandemic-era peak, as a quest for growth in corporate boardrooms and the impact of a surge in AI activity has overcome the uncertainty caused by U.S. tariffs. The number of transactions to August 1 is 16% lower than the same time last year, but their value is 28% higher, according to Dealogic data, boosted by U.S. megadeals valued at more than $10 billion. They include Union Pacific Corp's proposed $85 billion acquisition of small rival Norfolk Southern and OpenAI's $40 billion funding round led by Softbank Group. The upsurge will be a relief to bankers who began the year with expectations the administration of U.S. President Donald Trump would lead to a wave of consolidation. Instead, his trade tariffs and geopolitical uncertainty made companies pause until renewed confidence in corporate boardrooms and the U.S. administration's anti-trust agenda changed the mood. "What you're seeing in terms of deal rationale for transactions right now is that it's heavily growth-motivated, and it's increasing," Andre Veissid, EY Global Financial Services Strategy and Transactions Leader, told Reuters. "Whether it's artificial intelligence, the change in the regulatory environment, we see our clients not wanting to be left behind in that race and that's driving activity." Compared with August 2021, when investors, rebounding from pandemic lockdowns drove the value of deals to $3.57 trillion, this year's tally is nearly a $1 trillion, or 27%, lower. Still deal-makers at JP Morgan Chase have said there is more to come, with companies pursuing bigger deals in the second half of the year as executives adapt to volatility. "People have got used to the prevailing uncertainty, or maybe the unpredictability post-U.S. election is just more predictable now," Simon Nicholls, co-head of Slaughter and May Corporate and M&A group, said. Nigel Wellings, Partner at Clifford Chance said the market was moving beyond tariffs. "Boardrooms are seeing the M&A opportunity of a more stable economic environment and positive regulatory signals. But it is not a frothy market." FROM HEALTH TO TECH While the healthcare sector drove M&A in the years after the pandemic, the computer and electronics industry has produced more takeover bids in the U.S. and the United Kingdom in the last two years, according to Dealogic. Artificial intelligence is expected to drive more dealmaking. M&A activity has increased around data centre usage, such as Samsung's $1.7 billion acquisition of Germany's FlaktGroup, a data centre cooling specialist. Palo Alto Networks $25 billion deal for Israeli cybersecurity peer CyberArk was the largest deal in Europe, Middle East and Africa so far this year as rising AI-driven threats push companies to adopt stronger defences. Private equity, which had been sitting on the sidelines, has once again been active, with Sycamore Partners' $10 billion deal to take private Walgreens Boots Alliance and rivalling 4.8 billion pound offers from KKR and Advent for UK scientific instrument maker Spectris. The U.S. was the biggest market for M&A, accounting for more than half of the global activity. Asia Pacific's dealmaking doubled over the same year to date period last year, outpacing the EMEA region.
Zawya
44 minutes ago
- Zawya
CFTC to allow listed spot crypto trading on registered exchanges
The U.S. Commodity Futures Trading Commission (CFTC) said on Monday it would allow trading of spot crypto asset contracts that are listed on a futures exchange registered under the regulator. The CFTC, which regulates U.S. derivatives markets, will enable immediate trading of digital assets at the Federal level in coordination with the Securities and Exchange Commission's "Project Crypto", CFTC acting chairman Caroline Pham said. The CFTC invited stakeholders to comment on how to list the spot crypto asset contracts in a designated market. "This is a significant development, not just for the U.S. but for global markets," said Saad Ahmed, head of Asia Pacific at Gemini. "It brings crypto one step closer to the structure and standards of traditional markets - an important shift that could drive broader participation from institutions and more sophisticated market participants globally." The digital assets industry has seen progress this year under U.S. President Donald Trump, as bills like the GENIUS Act and CLARITY Act have provided more regulatory certainty. Shortly after taking office in January, Trump ordered the creation of a crypto working group tasked with proposing new regulations, making good on his campaign promise to overhaul U.S. crypto policy. SEC Chair Paul Atkins last week outlined several pro-crypto initiatives, including directing staff to develop guidelines to determine when a crypto token qualifies as a security, and proposals for various disclosures and exemptions. The two regulators' approach marks a significant victory for the crypto industry, which has long advocated for tailored regulations. "The hope continues to be that a broader range of assets beyond bitcoin and ethereum entrench themselves on U.S. venues over the next 24 months, and moves like this ultimately help along that process," said Joseph Edwards, head of research at Enigma Securities. Trump's embrace of digital assets is in stark contrast to former President Joe Biden's regulators, who, in a bid to protect Americans from fraud and money laundering, cracked down on the industry. The Biden administration sued exchanges Coinbase, Binance, and dozens more, alleging they were flouting U.S. laws. Trump's SEC has since dropped those cases. Bitcoin, the world's largest cryptocurrency, last traded 0.68% lower at $114,077.05 on Tuesday, though it has risen more than 20% for the year so far. Ether fell 2% to $3,621.70.
