U.S. tech giant Microsoft claimed China was behind a wave of cyber attacks on firms and government agencies worldwide, announcing on Tuesday that it has identified three Chinese hacker groups responsible for the damage so far.
Two of them, Linen Typhoon and Violet Typhoon, are known Chinese state actors who exploited a previously unknown, serious vulnerability in Microsoft's SharePoint application by "targeting internet-facing SharePoint servers," the company said.
A third "China-based threat actor," known as Storm-2603, was also observed exploiting the vulnerabilities, Microsoft said, adding that investigations into other potential attackers were ongoing.
Hundreds of companies and organizations worldwide have been affected.
Access to servers via SharePoint, a file-sharing application, potentially allows hackers to steal sensitive data, including passwords, IT security experts have warned.
Microsoft has since released updates to fix the issue, but attackers could also gain permanent access to the systems even after the security gap has been closed.
Figures published by the Shadowserver Foundation show the U.S. tops the list with 546 vulnerable servers.
In Germany, criminal hackers successfully penetrated a SharePoint server in at least 104 cases between last weekend and Monday.
According to the foundation, Canada ranks third behind Germany with 87 vulnerable systems.
The Shadowserver Foundation is an international, nonprofit organization in the field of IT security that is dedicated to improving online security.
