Microsoft's SharePoint server platform has been confirmed to contain a vulnerability whose exploitation has resulted in at least 54 organizations being breached, including a private university, a federal government health organization, and a California-based energy operator.

Microsoft has since responded to the vulnerability in a new security blog post, stating that over the last few days, it has evaluated the vulnerability along with the breaches associated with it and determined that they are linked to hacking groups affiliated with the Chinese government.
According to Microsoft, it has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, who are exploiting the vulnerabilities in the SharePoint platform. Additionally, Microsoft says it has identified another China-based group taking advantage of the vulnerabilities, known as Storm-2603.
The Windows maker said in its statement that investigations into other actors also using the exploits are still ongoing. Other reports corroborate Microsoft's statements, citing people currently working on SharePoint intrusions who say they have also detected attacks exploiting the vulnerabilities being traced back to China through IP addresses.
"As of this writing, Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting these vulnerabilities targeting internet-facing SharePoint servers. In addition, we have observed another China-based threat actor, tracked as Storm-2603, exploiting these vulnerabilities. Investigations into other actors also using these exploits are still ongoing," said Microsoft on Tuesday.
Microsoft released a patch on Tuesday morning that it says "with high confidence" fixes the SharePoint vulnerability, but warned that bad actors will continue probing servers in a bid to locate one that hasn't been updated to the latest patch.



