According to the Microsoft Security Blog , exploits of Microsoft SharePoint Server platform vulnerabilities have been exploited over the past few days.Some of the attacks targeting organizations have been linked to hacking groups affiliated with the Chinese government. Microsoft said on Tuesday:
"As of this writing, Microsoft has observed two Chinese nation-state threat actors (Linen Typhoon and Violet Typhoon) exploiting these vulnerabilities to attack Internet-facing SharePoint servers. In addition, we have observed another China-based threat actor (tracking number Storm-2603) also exploiting these vulnerabilities. Investigations into other actors who also exploited these vulnerabilities are ongoing."
Eye Security revealed that it has discovered that 54 institutions have been compromised, including a private university, a private energy operator in California, and a federal government health organization. The Washington Post reported that anonymous sources involved in the SharePoint breach said they also found some attacks were linked to IP addresses in China.
Microsoft released a patch update for SharePoint 2016 Server on Tuesday morning, which has now fixed all SharePoint versions affected by the zero-day vulnerability. In an update, Microsoft said that given how widely known the flaw is, it has "a high degree of confidence" that threat actors will continue to exploit it to attack unpatched server systems.
Researchers at Eye Security published details last week of a vulnerability that allowed hackers to access certain on-premises versions of SharePoint to steal sensitive data, obtain passwords and move them between connected services.
Related articles:
Microsoft reports zero-day attack on SharePoint, patch not yet ready