Hacking concerns grow as Microsoft servers are targeted by Chinese groups

News comes as cyber security agencies and regulators are struggling to deal with the evolving nature of cyber threats from abroad.

US tech giant Microsoft has accused Chinese cyber hacking groups of targeting and gaining limited access to its on-premises SharePoint servers last week.

In a blog published on Tuesday, the firm said it “has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting these vulnerabilities targeting internet-facing SharePoint servers.”

Another China-based actor, Storm-2603, is also said to be exploiting the breach and trying to install ransomware onto servers, the firm has said. But it says the vulnerabilities affect on-premises SharePoint servers only, and that SharePoint Online in Microsoft 365 is currently not being affected by the attacks.

The UK’s National Cyber Security Centre also confirmed in a press release this week that “a limited number” of UK customers of SharePoint servers were targeted.

In response to the accusations, a spokesperson for the Chinese Embassy in Washington said: “China firmly opposes and combats all forms of cyber attacks and cyber crime,” adding that they “oppose smearing others without solid evidence.”

US and European firms as well as government institutions have increasingly come under cyber attacks in recent years, causing financial harm and disruptions to operations.

Western governments as well as some experts often point the finger at cyber criminal groups based in or operating out of China and Russia. And as seen in this latest case, government agencies in those countries are often accused of having influence or control over these groups.

Cyber attack

News of the latest cyber attack against a major US firm comes as cyber security agencies as well as regulators in the US and Europe are struggling to deal with the evolving nature of cyber threats from abroad.

As reported by the FT, Microsoft is a major federal contractor in the US and has been criticised in recent years for cyber vulnerabilities that have exposed sensitive data, including about US lawmakers.

In terms of regulation, the Federal Information Security Management Act (FISMA) enables federal agencies and their contractors to “secure information systems and protect federal data.” And the Cybersecurity Information Sharing Act (CISA) enables the sharing of cyber threat-related information between private and independent firms and the US government.

Last month, CISA, the FBI, the NSA and other US agencies warned that cyber criminals backed by or linked to Iran were targeting “known vulnerabilities in unpatched or outdated software, compromise internet-connected accounts and devices that use default or weak passwords and work with ransomware affiliates to encrypt, steal and leak sensitive information.”

In the UK this year, a series of high-profile cyber attacks on major retailers including Co-op and M&S has had severe impacts on operations and finances. And in May this year, the NCSC warned that the country’s critical systems are at increased risk from a “digital divide” created by AI threats.

In response, the UK government this week announced measures that it says will protect institutions such as hospitals, businesses, and critical services from having to pay ransom to cyber criminals.

NCSC Director of National Resilience Jonathon Ellison warned: “Ransomware remains a serious and evolving threat, and organizations must not become complacent.”