Microsoft says Chinese hacking groups exploited SharePoint vulnerability in attacks

Microsoft on Tuesday said Chinese hacking groups were part of the recent attacks on its SharePoint collaboration software.

As early as July 7, the Chinese nation-state actors it calls Linen Typhoon and Violet Typhoon have been trying to exploit the vulnerability, as has a China-based actor called Storm-2603, Microsoft said in a Tuesday blog post.

On Monday, Charles Carmakal, technology chief of the Google-owned Mandiant cybersecurity consulting group, said in a LinkedIn post that “we assess that at least one of the actors responsible for the early exploitation is a China-nexus threat actor.”

On Sunday, the U.S. Cybersecurity and Infrastructure Security Agency said it was “aware of active exploitation” of the vulnerability, and Microsoft rolled out patches for two versions of its on-premises SharePoint releases. The software company issued a fix for a third version on Monday.

SharePoint is a key component of Microsoft’s widely used Office productivity software, enabling many people inside organizations to access internal files.

Last year, Microsoft CEO Satya Nadella made cybersecurity a top priority after a U.S. government report criticized the company’s handling of China’s breach of U.S. government officials’ email accounts.

Last week, the company said it would stop relying on engineers based in China to support the Pentagon’s use of cloud services, after a media report suggested that the architecture could have led to China-sponsored attacks against the U.S. defense arm.

In 2021, attackers affiliated with the Chinese nation-state group known as Hafnium targeted a different piece of Office software, Exchange Server, which provides mail and calendar services.

WATCH: Clode: Cybersecurity budgets won’t be the ones getting cut