Summary
Microsoft reported that Chinese hacker groups breached their SharePoint document servers to access data from businesses. The company has issued security updates and advised users of its on-premises (self-hosted) SharePoint servers to install these updates promptly.
Key Facts
- Microsoft identified Chinese hacker groups, Linen Typhoon, Violet Typhoon, and Storm-2603, as responsible for the attacks.
- The hackers used weaknesses in on-premises SharePoint servers to access business data.
- Microsoft released security updates and advised affected users to install them to prevent further attacks.
- Investigations into other possible cyberattack activities are ongoing.
- Microsoft has high confidence that systems without these updates remain at risk.
- Attacks involved hackers sending a request to steal key data from the SharePoint servers.
- Governments and businesses using SharePoint were the main targets, with various sectors impacted globally.
- Linen Typhoon focuses on stealing intellectual property, while Violet Typhoon primarily engages in espionage activities.
