Chinese Hackers Exploit Vulnerabilities in Microsoft SharePoint Servers
Microsoft has reported that hackers linked to China, including state-sponsored groups, have taken advantage of security flaws in its SharePoint document-sharing software to target data belonging to businesses that use it.
The company identified three groups—Linen Typhoon and Violet Typhoon, which have ties to the Chinese government, and Storm-2603, believed to operate from China—using recently uncovered vulnerabilities to attack internet-connected servers running the platform.
This disclosure follows reports of Amazon closing its artificial intelligence lab in Shanghai, while consultancy McKinsey has halted AI-related work in China as tensions between Washington and Beijing intensify.
Microsoft and IBM have also reduced research and development projects in China, coinciding with heightened U.S. scrutiny of American firms involved in AI development there.
According to Microsoft, the vulnerabilities affect on-premises SharePoint servers used by many companies but do not impact its cloud-based service. SharePoint is widely used by large organizations for document storage and collaboration, often integrated with other Microsoft products such as Office and Outlook.
The attacks reportedly began on 7 July, with hackers attempting to breach systems through these weaknesses to gain initial access to targeted organizations. The flaws allow attackers to bypass authentication and remotely execute malicious code. In some cases, hackers sent requests to SharePoint servers to steal critical security keys.
Microsoft has since released security patches and urged all on-premises SharePoint users to install them. It warned with "high confidence" that the hacking groups would continue targeting systems that remain unpatched.
Linen Typhoon, active since 2012, has primarily focused on stealing intellectual property from government, defense, strategic planning, and human rights organizations. Violet Typhoon, operational since 2015, has engaged in espionage, targeting former government and military personnel, NGOs, think tanks, universities, media, and financial and health sectors in the U.S., Europe, and East Asia.
Microsoft stated with "medium confidence" that Storm-2603 is based in China but found no direct links to other Chinese hacking groups. It also cautioned that additional attackers may exploit similar vulnerabilities if security updates are not applied.
Read next
UK Society of Authors unveils logo to mark books authored by humans, not AI
The Society of Authors (SoA) has introduced a programme aimed at marking books that are created by human writers amid a market swamped with AI‑produced titles.
It is the first initiative of its type from a UK trade body, permitting writers to enrol their titles and obtain a “Human
Study finds AI helps hackers uncover anonymous social media profiles.
AI has made it significantly simpler for bad actors to pinpoint anonymous social‑media profiles, a recent study warns.
In most trial conditions, large language models (LLMs) – the technology underlying tools such as ChatGPT – correctly linked anonymous online users to their real identities on other services, using the material they
UK experts say ChatGPT fuels increase in reports of “satanic” organized ritual abuse.
UK specialists say that ChatGPT is prompting an increase in reports of organised ritual abuse, as victims of so‑called “satanic” sexual violence turn to the AI system for therapeutic help.
Police contend that organised ritual abuse and “witchcraft, spirit possession and spiritual abuse” (WSPRA) targeting children are largely hidden