Chinese-linked hackers breached several U.S. government agencies, including the Department of Homeland Security and the Department of Health and Human Services, by exploiting a vulnerability in Microsoft’s SharePoint platform, CBS News reported July 24.
Here are six things to know about the breach:
Microsoft confirmed in a July 19 blog post that two Chinese state-backed groups, identified as Linen Typhoon and Violet Typhoon, targeted internet-facing SharePoint servers. The company said the attackers deployed ransomware and exploited the flaw before a patch was issued.
A spokesperson for China’s Foreign Ministry told reporters July 22 that he was “not familiar with the specifics” of the incident and declined to comment on the alleged involvement of Chinese hackers.
CBS News reported that the Defense Intelligence Agency also experienced disruptions, with SharePoint access down for several hours on July 22. The National Institutes of Health, which conducts research on infectious diseases and public health, was among the agencies affected.
A White House official said the federal government responded quickly to identify and contain the breach. “We are working with all agencies to patch vulnerabilities and mitigate impact,” the official said.
The Cybersecurity and Infrastructure Security Agency, a division of DHS, issued alerts and updates shortly after the vulnerability was detected on July 18, according to agency spokesperson Tricia McLaughlin. She said there is currently “no evidence of data exfiltration at DHS or any of its components.”
Ms. McLaughlin added that CISA is “working around the clock” with Microsoft and affected agencies to limit the damage and prevent future attacks.
Microsoft has released a security update to fix the vulnerability.
The post Chinese hackers breach HHS, NIH in Microsoft SharePoint cyberattack: Report appeared first on Becker’s Hospital Review | Healthcare News & Analysis.
Health IT
