Microsoft identifies Chinese hacking groups behind persistent SharePoint server attacks

Core Insights
- Microsoft has identified three China-based hacking groups responsible for an ongoing cyberattack on its SharePoint file-sharing system [1][2][3]

Group 1: Attack Overview
- The Microsoft Security Response Center first reported the attack on July 19, highlighting vulnerabilities related to spoofing and remote code execution [2]
- SharePoint is designed for secure information sharing and collaboration within organizations [2]

Group 2: Identified Hacking Groups
- Two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, have been observed exploiting vulnerabilities targeting internet-facing SharePoint servers [3]
- Linen Typhoon has been active since 2012, focusing on intellectual property theft, particularly from organizations linked to government and defense [5]
- Violet Typhoon, active since 2015, has concentrated on espionage, targeting former government and military personnel, NGOs, think tanks, and various sectors in the U.S., Europe, and East Asia [6]

Group 3: Attack Methods and Objectives
- Linen Typhoon is known for "drive-by compromises" and relies on existing exploits to breach organizations [5]
- Violet Typhoon seeks vulnerabilities in exposed web infrastructure to exploit weaknesses and install web shells [9]
- Storm-2603 is another China-based threat actor involved in the breach, but its links to other known Chinese hacking groups remain unconfirmed [9]

Group 4: Response and Mitigation
- Microsoft has released security updates to protect customers using all versions of SharePoint and urges immediate application of these updates [12]