‘Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting these vulnerabilities,’ it says.
Microsoft said on Tuesday that it has observed Beijing-backed hackers exploiting widespread attacks against organizations using collaboration software from the tech giant.
“As of this writing, Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting these vulnerabilities targeting internet-facing SharePoint servers,” the Redmond, Washington-based company said in a blog post on Tuesday.
It added that “another China-based threat actor, tracked as Storm-2603,” was seen exploiting vulnerabilities in its SharePoint software, which is widely used to coordinate work on projects, documents, and other business.
“With the rapid adoption of these exploits, Microsoft assesses with high confidence that threat actors will continue to integrate them into their attacks against unpatched on-premises SharePoint systems,” Microsoft added.
Exploits include bypassing the program’s authentication feature and executing remote code “against vulnerable on-premises SharePoint servers,” Microsoft said.
Microsoft’s post advised customers using SharePoint to upgrade it with the latest security patches in order to stop attacks and exploits from Chinese hacking groups. It also advised that users enable Microsoft software such as Defender Antivirus and its Antimalware Scan Interface, or equivalent programs.
“Additional actors may use these exploits to target unpatched on-premises SharePoint systems, further emphasizing the need for organizations to implement mitigations and security updates immediately,” the company said.
Linen Typhoon, according to Microsoft, is accused of stealing intellectual property and is focused on organizations connected to human rights, governments, defense, and strategic planning.
Violet Typhoon has been more focused on exploiting systems related to former government and military officials, nongovernmental organizations, universities and colleges, print and digital media, and think tanks, among other sectors.
In March, the Department of Justice (DOJ) indicted two Chinese nationals accused of operating in the APT27 , or Linen Typhoon, hacking group, which researchers say has many different names.
The two nationals were alleged to have hacked into U.S. companies, municipalities, and other institutions for profit, and caused millions of dollars worth of damages, the DOJ said.
Microsoft’s Tuesday post did not elaborate on the types or names of organizations that were targeted through the SharePoint vulnerability.
