Microsoft says Chinese state-backed hackers exploiting flaws in attacks
BEIJING – Microsoft said that Chinese state-sponsored actors were exploiting vulnerabilities in one of its popular collaboration software products, SharePoint, which is used by US government agencies and many companies worldwide.
Microsoft said in a notice on its security blog on July 22 that it had identified at least two China-based groups linked to the Chinese government that it said had been taking advantage of security flaws in its SharePoint software. Such attacks aim to sneak into the computer systems of users.
Those groups, called Linen Typhoon and Violet Typhoon, were ones that Microsoft said it had been tracking for years, and which it said had been targeting organisations and personnel related to government, defence, human rights, higher education, media, and financial and health services in the United States, Europe and East Asia.
Microsoft said another actor, which it called Storm-2603, was also involved in the hacking campaign. It said it had 'medium confidence' that Storm-2603 was a 'China-based threat actor'.
The US government's Cybersecurity and Infrastructure Security Agency issued a notice that said it was aware of the hacking attack on SharePoint. It added that it had notified 'critical infrastructure organisations' that were affected.
'While the scope and impact continue to be assessed,' the agency said, the vulnerabilities would enable 'malicious actors to fully access SharePoint content, including file systems and internal configurations and execute code over the network.'
A Microsoft spokesperson wrote in an emailed response that the company had been 'coordinating closely' with the Cybersecurity and Infrastructure Security Agency, the Department of Defense's Cyber Defense Command and 'key cybersecurity partners globally throughout our response'.
The Chinese Embassy in Washington did not immediately respond to a request for comment. China has routinely denied being behind cyberattacks and asserts that it is a victim of them.
Microsoft said in its blog post that investigations into other actors also using these exploits were still ongoing.
Eye Security, a cybersecurity firm, said that it had scanned more than 23,000 SharePoint servers worldwide, and discovered more than 400 systems had been actively compromised.
The cybersecurity firm also noted that the breaches could let hackers steal cryptographic keys, which they could then use to impersonate users or services even after the server was patched. It said users would need to take further steps to protect their information.
Chinese hackers have shown growing sophistication in their ability to penetrate US government systems, leaving American officials increasingly alarmed. During a breach of the US telecommunications system last year, Chinese hackers were able to listen in on telephone conversations and read text messages, members of Congress said.
The hack was considered so severe that former President Joe Biden took it up directly with President Xi Jinping of China when they met in Peru in November.
In this latest breach, Microsoft said hackers had been using the software weaknesses to attempt, and gain, access to 'target organisations' since as early as July 7. It issued security updates and urged users to install them immediately.
Microsoft revealed the vulnerabilities in SharePoint this month, but at first patched them only partially. It said on July 19 that it was aware of active attacks trying to exploit those vulnerabilities.
Cybersecurity firms had said that they believed Chinese actors were among those attackers, even before Microsoft said so on July 22.
SharePoint helps organisations create websites and manage documents. It integrates with other Microsoft services such as Office, Teams and Outlook.
Microsoft said the vulnerabilities affected only on-premises SharePoint servers, meaning those managed by organisations on their own computer networks, and not those operated on Microsoft's cloud.
Palo Alto Networks, a cybersecurity company, said in a post about the breach that on-premises servers 'particularly within government, schools, health care (including hospitals) and large enterprise companies' were 'at immediate risk.'
'A compromise in this situation doesn't stay contained, it opens the door to the entire network,' the cybersecurity company said. NYTIMES