Microsoft’s SharePoint is meant to help users manage content, collaborate, customize workflows, and create team sites “with advanced security and governance controls built in.” Alas, this security is not so secure, as the company reported a breach in its servers, which suffered attacks against on-premises servers that exploit spoofing and remote code execution vulnerabilities.
Microsoft says that the threat comes from Chinese nation-state actors, Linen Typhoon, Violet Typhoon, and Storm-2603, “exploiting these vulnerabilities to deploy ransomware. Investigations into other actors also using these exploits are still ongoing. With the rapid adoption of these exploits, Microsoft assesses with high confidence that threat actors will continue to integrate them into their attacks against unpatched on-premises SharePoint systems.”
