This article is from the source 'bbc' and was first published or seen on . The next check for changes will be
You can find the current article at its original source at https://www.bbc.com/news/articles/c4gdnz1nlgyo
The article has changed 2 times.
Version 0 | Version 1 |
---|---|
Microsoft servers hacked by Chinese state-backed groups, firm says | Microsoft servers hacked by Chinese state-backed groups, firm says |
(about 11 hours later) | |
Chinese "threat actors" have hacked some Microsoft SharePoint servers and targeted the data of the businesses using them, the firm has said. | |
China state-backed Linen Typhoon and Violet Typhoon as well as China-based Storm-2603 were said to have "exploited vulnerabilities" in on-premises SharePoint servers, the kind used by firms, but not in its cloud-based service. | China state-backed Linen Typhoon and Violet Typhoon as well as China-based Storm-2603 were said to have "exploited vulnerabilities" in on-premises SharePoint servers, the kind used by firms, but not in its cloud-based service. |
The US tech giant has released security updates in response and has advised all on-premises SharePoint server customers to install them. | The US tech giant has released security updates in response and has advised all on-premises SharePoint server customers to install them. |
"China firmly opposes and combats all forms of cyber attacks and cyber crime," China's US embassy spokesman said in a statement. | |
"At the same time, we also firmly oppose smearing others without solid evidence," continued Liu Pengyu in the statement posted on X. | |
Microsoft said it had "high confidence" the hackers would continue to target systems which have not installed its security updates. | |
"Investigations into other actors also using these exploits are still ongoing," Microsoft said in a statement. | "Investigations into other actors also using these exploits are still ongoing," Microsoft said in a statement. |
It added that it would update its website blog with more information as its investigation continues. | It added that it would update its website blog with more information as its investigation continues. |
Microsoft said it had observed attacks in which hackers had sent a request to a SharePoint server "enabling the theft of the key material by threat actors". | Microsoft said it had observed attacks in which hackers had sent a request to a SharePoint server "enabling the theft of the key material by threat actors". |
The UK's National Cyber Security Centre said this included "a limited number" of SharePoint Server customers in the UK. | |
Charles Carmakal, chief technology officer at Mandiant Consulting firm, a division of Google Cloud, told BBC News it was "aware of several victims in several different sectors across a number of global geographies". | |
Carmakal said it appeared that governments and businesses that use SharePoint on their sites were the primary target. | Carmakal said it appeared that governments and businesses that use SharePoint on their sites were the primary target. |
A number of adversaries who stole material encoded by cryptography were then able to regain ongoing access to the victims' SharePoint data, he said. | A number of adversaries who stole material encoded by cryptography were then able to regain ongoing access to the victims' SharePoint data, he said. |
"This was exploited in a very broad way, very opportunistically before a patch was made available. That's why this is significant," Carmakal said. | "This was exploited in a very broad way, very opportunistically before a patch was made available. That's why this is significant," Carmakal said. |
Carmakal said the "China-nexus actor" was deploying techniques similar to previous campaigns associated with Beijing. | Carmakal said the "China-nexus actor" was deploying techniques similar to previous campaigns associated with Beijing. |
Microsoft said Linen Typhoon had "focused on stealing intellectual property, primarily targeting organizations related to government, defence, strategic planning, and human rights" for 13 years. | Microsoft said Linen Typhoon had "focused on stealing intellectual property, primarily targeting organizations related to government, defence, strategic planning, and human rights" for 13 years. |
It added that Violet Typhoon had been "dedicated to espionage", primarily targeting former government and military staff, non-governmental organizations, think tanks, higher education, the media, the financial sector and the health sector in the US, Europe, and East Asia. | It added that Violet Typhoon had been "dedicated to espionage", primarily targeting former government and military staff, non-governmental organizations, think tanks, higher education, the media, the financial sector and the health sector in the US, Europe, and East Asia. |
Meanwhile, Storm-2603 was "assessed with medium confidence to be a China-based threat actor". | Meanwhile, Storm-2603 was "assessed with medium confidence to be a China-based threat actor". |