China-Backed Hackers Breach US Agencies in Major Microsoft SharePoint Cyberattack

Three hacking groups linked to China are part of a large-scale cyberattack targeting users of widely used Microsoft server software, impacting numerous organizations worldwide, according to the report by Politico.

According to two US officials, federal investigators suspect that several US government agencies are among the initial victims of this ongoing cyber exploitation campaign, although the complete extent remains uncertain.

Microsoft acknowledged in a blog post that three Chinese hacking groups, referred to as Violet Typhoon, Linen Typhoon, and Storm-2603, are participating in the hacking operation.

Approximately 100 organizations, including at least two US federal agencies, are believed to be victims of these hacks, as stated by one US official involved in the incident response and a second who has been informed about it.

Both officials spoke on the condition of anonymity due to the ongoing situation, as reported by Politico.

Chinese Groups Took Advantage Of Flaws In Microsoft SharePoint Servers

Since Saturday, private security researchers and federal investigators have been addressing the aftermath of the breach, which Microsoft initially reported due to unidentified hackers exploiting a major flaw in its customer-managed SharePoint servers, a commonly used workplace collaboration tool.

Microsoft noted in a blog post that, given the rapid adoption of these exploits, it is highly confident that the threat actors will continue to implement them in their attacks on unpatched on-premises SharePoint systems.

The first US official indicated that investigators currently believe at least “four to five” federal agencies were compromised, while more agencies are still under investigation.

The second official noted that they were informed on Monday that “more than one” federal agency had been affected.

The vulnerabilities in the SharePoint software are deemed critical as they permitted hackers to remotely infiltrate Microsoft customers utilising self-hosted versions of the service, enabling them to delve deeper into their networks.

However, these vulnerabilities did not impact those operating a version of SharePoint hosted on Microsoft’s cloud servers.

Four US Federal Agencies Are Believed To Be Compromised

A Microsoft spokesperson stated that the company is working to ensure its customers apply the necessary fixes and is “coordinating closely with CISA, DOD Cyber Defence Command, and key global cybersecurity partners throughout our response.” A spokesperson from CISA remarked that the tech firm has been “responding quickly” since the agency first contacted them.

This incident marks another breach in a series targeting the US technology giant, many of which have connections to China.

In 2023, Chinese hackers accessed emails from both the US ambassador to China and the US Commerce Secretary by taking advantage of a “cascade” of Microsoft security flaws that were later criticised by a federal cyber review panel.

Additionally, the Pentagon announced last week that it would review all its cloud products following an investigation that found engineers based in China had been providing technical support for Pentagon computer systems, as revealed by Politico. 

(Inputs From ANI)

Also Read: Cyberattack On Microsoft’s Software SharePoint Leaves About 100 Organizations At Risk