1. Forum
  2. FidoNet
  3. CONSPRCY

  • MS seemingly confirms Chi

    From Mike Powell@1:2320/105 to All on Wed Jul 23 09:17:28 2025
    Microsoft seemingly confirms Chinese hackers behind SharePoint server attacks

    Date:
    Wed, 23 Jul 2025 09:25:25 +0000

    Description:
    Microsoft recently patched two major flaws in SharePoint on-prem instances,
    but the effects could be long-lasting.

    FULL STORY

    At least three major Chinese hacking groups were abusing recently discovered vulnerabilities to target businesses using Microsoft SharePoint, the company has said.

    Microsoft recently released an urgent patch to fix two zero-day
    vulnerabilities affecting on-premises SharePoint servers, tracked as CVE-2025-49704 (a remote code execution bug), and CVE-2025-49706 (a spoofing vulnerability), which were being abused in the wild.

    Now, Microsoft is saying that the groups targeting the flaws are Chinese state-sponsored groups - namely Linen Typhoon, Violet Typhoon, and
    Storm-2603.

    Two typhoons and a storm

    The first two are part of the larger typhoon operation, counting at least
    half a dozen organizations, including Brass Typhoon, Salt Typhoon, Volt Typhoon, and Silk Typhoon.

    In the last couple of years, these groups were attributed with breaches into critical infrastructure organizations, government, defense, and military
    firms, telecom operators, and similar businesses, across the western world
    and NATO members.

    Some researchers are saying that these groups were tasked with persisting in the target networks, in case the standoff between the US and China over
    Taiwan escalates into actual war. That way, they would be able to disrupt or destroy critical infrastructure, eavesdrop on important conversations, and
    thus gain the upper hand in the conflict.

    At least seven major telecommunications operators in the United States have recently confirmed discovering Typhoon operatives on their networks and removing them from the virtual premises.

    "Investigations into other actors also using these exploits are still
    ongoing," Microsoft said in a blog post , stressing that the attackers will definitely continue targeting unpatched systems.

    SharePoint Server Subscription Edition, SharePoint Server 2019, and
    SharePoint Server 2016 were said to be affected. SharePoint Online (Microsoft 365) was secure.

    Microsoft recommends customers to use supported versions of on-premises SharePoint servers with the latest security updates immediately, and says
    users should ensure their antivirus and endpoint protection tools are up to date.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/microsoft-seemingly-confirms-chinese-ha ckers-behind-sharepoint-server-attacks

    $$
    --- SBBSecho 3.28-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)