Surprise, surprise: Chinese spies, IP stealers, other miscreants attacking Microsoft SharePoint servers

At least three Chinese groups are attacking on-premises SharePoint servers via a couple of recently disclosed Microsoft bugs, according to Redmond.

Two of the crews behind the zero-day attacks are government-backed: Linen Typhoon (aka Emissary Panda, APT27) and Violet Typhoon (aka Zirconium, Judgment Panda, APT31), Microsoft's threat intel team wrote in a Tuesday blog.

Linen Typhoon typically steals intellectual property, and primarily targets organizations related to government, defense, strategic planning, and human rights.

Violet Typhoon focuses on espionage and targets former government and military personnel, non-governmental organizations, think tanks, higher education, digital and print media, financial and health-related sectors in the US, Europe, and East Asia. 

The third group, Storm-2603, is likely China-based but not necessarily a nation-state gang.

"Storm," according to Microsoft's attacker naming taxonomy, is a temporary designation for a newly discovered or emerging cluster of malicious cyber activity.

"Although Microsoft has observed this threat actor ...