IBNS-CMEDIA: Tech giant Microsoft has said Chinese hacking groups were believed to be behind the recent attacks on its SharePoint collaboration software.
In a blog post, Microsoft said: “As of this writing, Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon exploiting these vulnerabilities targeting internet-facing SharePoint servers.”
“In addition, we have observed another China-based threat actor, tracked as Storm-2603, exploiting these vulnerabilities to deploy ransomware. Investigations into other actors also using these exploits are still ongoing,” the statement said.
“With the rapid adoption of these exploits, Microsoft assesses with high confidence that threat actors will continue to integrate them into their attacks against unpatched on-premises SharePoint systems,” the statement further said.
Alerting users, Microsoft recommended that customers use supported versions of on-premises SharePoint servers with the latest security updates.
“To stop unauthenticated attacks from exploiting this vulnerability, customers should also integrate and enable Antimalware Scan Interface (AMSI) and Microsoft Defender Antivirus (or equivalent solutions) for all on-premises SharePoint deployments and configure AMSI to enable Full Mode,” the tech giant said.