Chinese hacker groups are attacking Microsoft SharePoint servers for espionage purposes

23.07.2025 | Technologies

The technology giant reveals a large-scale cyberattack by Chinese groups that attempted to infiltrate on-premises SharePoint systems of various organizations through software vulnerabilities.

Photo by Tyler Lahti, Wikimedia Commons, under CC BY-SA 4.0

The American technology company Microsoft has officially confirmed a large-scale cyberattack carried out by Chinese hacker groups that attempted to infiltrate on-premises SharePoint servers and steal strategically important information.

According to the company's investigation, three main groups (Linen Typhoon, Violet Typhoon, and Storm-2603) used specific technical vulnerabilities to gain unauthorized access to corporate databases. The attack was precisely planned and targeted specific sectors and organizations.

Microsoft experts emphasize that the attack did not affect cloud services, only on-premises SharePoint installations. Immediately after identifying the problem, the company issued emergency security updates, and it recommends that all users install the patches immediately.

Charles Carmakal, technical director at consulting firm Mandiant, told the BBC that multiple victims have been identified in various geographical regions. According to him, hackers have managed to obtain persistent access to encrypted materials from the SharePoint systems of the attacked organizations.

Microsoft reveals details about the profiles of the individual hacker groups. Linen Typhoon, for example, is focused on stealing intellectual property, primarily targeting government and defense structures. Violet Typhoon specializes in long-term digital espionage against government officials, non-governmental organizations, media, and financial institutions.

The company assesses with a medium level of confidence that Storm-2603 is a group of Chinese origin. The investigation continues, with Microsoft promising to publish additional information about the incident on its official blog.

Experts emphasize the exceptional scale and opportunistic nature of the attack, which was carried out before the official defense was published. They recommend that all organizations immediately update their SharePoint systems to prevent potential future intrusions.