After SharePoint attacks, Microsoft stops sharing PoC exploit code with China

Microsoft has restricted Chinese firms from receiving proof-of-concept exploit code through its MAPP program after mass exploitation of SharePoint vulnerabilities, aiming to prevent leaks and keep defenses updated. Several Chinese state-linked threat actors, including Linen Typhoon, Violet Typhoon, and Storm-2603, exploited these flaws, targeting government, defense, NGO, media, and academic sectors.

Key points

  • Microsoft has limited the sharing of exploit proof-of-concept code with Chinese firms through its MAPP program.
  • Mass exploitation of SharePoint vulnerabilities by Chinese threat actors occurred before patches were fully released in July.
  • Chinese groups Linen Typhoon, Violet Typhoon, and Storm-2603 are actively exploiting these vulnerabilities for espionage and theft.
  • Attackers target on-premises SharePoint servers, bypass authentication, and steal cryptographic keys using malicious scripts.
  • Microsoft advises immediate patching and emphasizes ongoing monitoring to prevent exploitation of unpatched systems.

Read More: https://securityaffairs.com/181430/security/after-sharepoint-attacks-microsoft-stops-sharing-poc-exploit-code-with-china.html