There is a major vulnerability in Microsoft’s SharePoint software. Many companies and governments use this software for purposes such as sharing files. Microsoft points out that Chinese hackers are exploiting the vulnerability to steal sensitive files.
According to Microsoft in a blog post, the Chinese hacker groups Linen Typhoon, Violet Typhoon, and Storm-2603 are exploiting critical vulnerabilities in SharePoint. It is believed that these groups hack in cooperation with or on behalf of the Chinese government.
The vulnerability in SharePoint can be exploited to break into SharePoint. Hackers can then steal files and documents. In the United States, hackers have reportedly gained access to sensitive government information in this way. This is also said to have happened in Europe and the Middle East, according to insiders speaking to news agency Bloomberg.
Microsoft has released a software update. According to the software company, this update should be installed as soon as possible.
The Dutch National Cyber Security Centre (NCSC) reports that the update reduces the risks but emphasizes that the update does not completely solve the problems. Microsoft says it is still working on developing other improvements.