TZUTC: -0500
MSGID: 1259.consprcy@1:2320/105 2ce629e4
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
Microsoft seemingly confirms Chinese hackers behind SharePoint server attacks

Date:
Wed, 23 Jul 2025 09:25:25 +0000

Description:
Microsoft recently patched two major flaws in SharePoint on-prem instances,
but the effects could be long-lasting.

FULL STORY

At least three major Chinese hacking groups were abusing recently discovered
vulnerabilities to target businesses using Microsoft SharePoint, the company
has said. 

Microsoft recently released an urgent patch to fix two zero-day
vulnerabilities affecting on-premises SharePoint servers, tracked as
CVE-2025-49704 (a remote code execution bug), and CVE-2025-49706 (a spoofing
vulnerability), which were being abused in the wild. 

Now, Microsoft is saying that the groups targeting the flaws are Chinese
state-sponsored groups - namely Linen Typhoon, Violet Typhoon, and 
Storm-2603. 

Two typhoons and a storm

The first two are part of the larger typhoon operation, counting at least 
half a dozen organizations, including Brass Typhoon, Salt Typhoon, Volt
Typhoon, and Silk Typhoon. 

In the last couple of years, these groups were attributed with breaches into
critical infrastructure organizations, government, defense, and military
firms, telecom operators, and similar businesses, across the western world 
and NATO members. 

Some researchers are saying that these groups were tasked with persisting in
the target networks, in case the standoff between the US and China over 
Taiwan escalates into actual war. That way, they would be able to disrupt or
destroy critical infrastructure, eavesdrop on important conversations, and
thus gain the upper hand in the conflict. 

At least seven major telecommunications operators in the United States have
recently confirmed discovering Typhoon operatives on their networks and
removing them from the virtual premises. 

"Investigations into other actors also using these exploits are still
ongoing," Microsoft said in a blog post , stressing that the attackers will
definitely continue targeting unpatched systems. 

SharePoint Server Subscription Edition, SharePoint Server 2019, and 
SharePoint Server 2016 were said to be affected. SharePoint Online (Microsoft
365) was secure. 

Microsoft recommends customers to use supported versions of on-premises
SharePoint servers with the latest security updates immediately, and says
users should ensure their antivirus and endpoint protection tools are up to
date.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/microsoft-seemingly-confirms-chinese-ha
ckers-behind-sharepoint-server-attacks

$$
--- SBBSecho 3.28-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 664
SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426