TZUTC: -0500   
   MSGID: 1259.consprcy@1:2320/105 2ce629e4   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   Microsoft seemingly confirms Chinese hackers behind SharePoint server attacks   
      
   Date:   
   Wed, 23 Jul 2025 09:25:25 +0000   
      
   Description:   
   Microsoft recently patched two major flaws in SharePoint on-prem instances,   
   but the effects could be long-lasting.   
      
   FULL STORY   
      
   At least three major Chinese hacking groups were abusing recently discovered   
   vulnerabilities to target businesses using Microsoft SharePoint, the company   
   has said.    
      
   Microsoft recently released an urgent patch to fix two zero-day   
   vulnerabilities affecting on-premises SharePoint servers, tracked as   
   CVE-2025-49704 (a remote code execution bug), and CVE-2025-49706 (a spoofing   
   vulnerability), which were being abused in the wild.    
      
   Now, Microsoft is saying that the groups targeting the flaws are Chinese   
   state-sponsored groups - namely Linen Typhoon, Violet Typhoon, and    
   Storm-2603.    
      
   Two typhoons and a storm   
      
   The first two are part of the larger typhoon operation, counting at least    
   half a dozen organizations, including Brass Typhoon, Salt Typhoon, Volt   
   Typhoon, and Silk Typhoon.    
      
   In the last couple of years, these groups were attributed with breaches into   
   critical infrastructure organizations, government, defense, and military   
   firms, telecom operators, and similar businesses, across the western world    
   and NATO members.    
      
   Some researchers are saying that these groups were tasked with persisting in   
   the target networks, in case the standoff between the US and China over    
   Taiwan escalates into actual war. That way, they would be able to disrupt or   
   destroy critical infrastructure, eavesdrop on important conversations, and   
   thus gain the upper hand in the conflict.    
      
   At least seven major telecommunications operators in the United States have   
   recently confirmed discovering Typhoon operatives on their networks and   
   removing them from the virtual premises.    
      
   "Investigations into other actors also using these exploits are still   
   ongoing," Microsoft said in a blog post , stressing that the attackers will   
   definitely continue targeting unpatched systems.    
      
   SharePoint Server Subscription Edition, SharePoint Server 2019, and    
   SharePoint Server 2016 were said to be affected. SharePoint Online (Microsoft   
   365) was secure.    
      
   Microsoft recommends customers to use supported versions of on-premises   
   SharePoint servers with the latest security updates immediately, and says   
   users should ensure their antivirus and endpoint protection tools are up to   
   date.   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/microsoft-seemingly-confirms-chinese-ha   
   ckers-behind-sharepoint-server-attacks   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426