
Microsoft reports that Chinese-backed hackers breached the US nuclear weapons agency

Microsoft has issued a warning about state-sponsored Chinese hackers breaching SharePoint software, which is utilized by various US agencies overseeing the management and modernization of nuclear weapons.

The National Nuclear Security Administration, which operates under the Department of Energy, is reportedly among the entities targeted by these cyberattacks linked to Chinese cybercriminals.

A Dutch cybersecurity firm estimates that approximately 400 government agencies in the US, as well as in countries like Mauritius, Jordan, South Africa, and the Netherlands, were impacted by this breach.

Initially, a Dutch company had reported that only about 60 entities were affected.

Sources suggest that no data appears to have been stolen through the vulnerability exploited in Microsoft’s SharePoint software. An agency spokesperson noted that the exploitation began affecting the Department of Energy on July 18.

Officials have stated that, thanks to the extensive use of Microsoft M365 cloud services and advanced cybersecurity measures, the impact on the department has been minimal, with very few systems affected and all of those now restored.

This breach has reportedly been occurring since at least July 7, and a collaboration with Microsoft to address cyber threats has been established.

Some signs indicate this might be orchestrated by state-backed actors: the hacking tactics resemble those typically associated with Chinese cyber activities, according to experts who are continuing to investigate the matter.

Microsoft’s blog post has flagged two notable cybercrime groups, known as Linen Typhoon and Violet Typhoon, as potentially linked to this exploit, emphasizing that their operations may leverage weaknesses in Microsoft’s software.

These vulnerabilities pose a risk of data breaches for the customers using these systems. Microsoft also mentioned another Chinese group involved in these activities, known as Storm-2603.

Besides the NNSA, other victims include the US Department of Education and Florida’s Department of Revenue, with international entities targeted as well, including various governments in Europe and the Middle East. Researchers have recorded over 100 breaches spanning many sectors, including energy and academia.

Although Microsoft recently patched the vulnerabilities, concerns linger that these hackers will continue to adapt and exploit any remaining flaws in the future.

The Chinese embassy has asserted that it opposes hacking activities while rejecting accusations aimed at China regarding cybersecurity issues.

Cybersecurity experts have voiced significant concerns about the magnitude of this threat. Michael Sikorski from Palo Alto Networks labeled it a “high sensitivity and high treatment” issue, noting the risks created by SharePoint’s integration with tools like Office and Outlook, which hold valuable data.

Experts suspect that the actual numbers affected may be higher than reported, with possible hidden vulnerabilities that allow hackers to access SharePoint servers even after patches are applied, according to a co-owner of Eye Security.

This situation is still unfolding, with fears that other opportunistic threats may continue exploiting vulnerable servers as investigations proceed.

In light of these recent breaches, Microsoft’s security measures are under fresh scrutiny, particularly following a critical report issued by the US government regarding the company’s security culture last year.
