Vivian Wang, July 24, 2025

Microsoft’s office in Beijing. The company said that hacker groups linked to the Chinese government had been exploiting security flaws in its SharePoint software to carry out attacks. Tingshu Wang/Reuters

Microsoft said that Chinese state-sponsored actors were exploiting vulnerabilities in one of its popular collaboration software products, SharePoint, which is used by U.S. government agencies and many companies worldwide.

Microsoft said in a notice on its security blog on Tuesday that it had identified at least two China-based groups linked to the Chinese government that it said had been taking advantage of security flaws in its SharePoint software. Such attacks aim to sneak into the computer systems of users.

Those groups, called Linen Typhoon and Violet Typhoon, were ones that Microsoft said it had been tracking for years, and which it said had been targeting organizations and personnel related to government, defense, human rights, higher education, media, and financial and health services in the United States, Europe and East Asia.

Microsoft said another actor, which it called Storm-2603, was also involved in the hacking campaign. It said it had “medium confidence” that Storm-2603 was a “China-based threat actor.”

The U.S. government’s Cybersecurity and Infrastructure Security Agency issued a notice that said it was aware of the hacking attack on SharePoint.
It added that it had notified “critical infrastructure organizations” that were affected.

“While the scope and impact continue to be assessed,” the agency said, the vulnerabilities would enable “malicious actors to fully access SharePoint content, including file systems and internal configurations and execute code over the network.”

A Microsoft spokesperson wrote in an emailed response that the company had been “coordinating closely” with the Cybersecurity and Infrastructure Security Agency, the Department of Defense’s Cyber Defense Command and “key cybersecurity partners globally throughout our response.”

The Chinese Embassy in Washington did not immediately respond to a request for comment. China has routinely denied being behind cyberattacks and asserts that it is a victim of them.

Microsoft said in its blog post that investigations into other actors also using these exploits were still ongoing.

Eye Security, a cybersecurity firm, said that it had scanned more than 23,000 SharePoint servers worldwide and discovered that more than 400 systems had been actively compromised.

The cybersecurity firm also noted that the breaches could allow hackers to steal cryptographic keys that would allow them to impersonate users or services even after the server was patched.
It said users would need to take further steps to protect their information.

James Corera, the director of the cyber, technology and security program at the Australian Strategic Policy Institute, a research group, said that being able to deploy back doors to enable long-term access was “a level of sophistication typically associated with the most advanced actors.”

While there was no public confirmation that the Chinese hackers had stolen those cryptographic keys, it was clear that China’s state-sponsored operations had become increasingly precise in recent years, he said.

“Chinese state-sponsored cyber actors have steadily evolved from opportunistic to highly disciplined operators,” Mr. Corera wrote in written responses to questions. “What we’re seeing now is a level of sophistication in initial access, lateral movement, and credential harvesting that exceeds what many governments and vendors had anticipated.”

Indeed, American officials have grown increasingly alarmed by Chinese hacking capabilities. During a breach of the U.S. telecommunications system last year, a group linked to a Chinese intelligence agency was able to listen in on telephone conversations and read text messages, members of Congress said. The hack was considered so severe that former President Joseph R. Biden took it up directly with Xi Jinping, China’s leader, when they met in Peru in November.

With this latest breach, a researcher with Viettel Cyber Security, a Vietnamese security firm, uncovered the SharePoint vulnerability at a May security conference called Pwn2Own in Berlin.
On May 16, the researcher won a $100,000 award at the conference for uncovering the weakness.

The vulnerability was shared with Microsoft on May 29, according to the Zero Day Initiative, which tracks security exposures and hosted the security conference.

Microsoft said it noticed hackers had been trying to use the software weaknesses to gain access to “target organizations” since July 7. The company issued security updates the next day, as part of its monthly batch of security patches, and urged users to install them immediately.

But those patches only partially solved the problem. Microsoft said on July 19 that it was aware of attempts to exploit those vulnerabilities, and has since issued updates to its patches and guidance to customers that it says, if followed, “fully protect customers.”

Cybersecurity firms had said that they believed Chinese actors were among those attackers, even before Microsoft said so on Tuesday.

SharePoint helps organizations create websites and manage documents.
It integrates with other Microsoft services such as Office, Teams and Outlook.

Microsoft said the vulnerabilities affected only on-premises SharePoint servers, meaning those managed by organizations on their own computer networks, and not those operated on Microsoft’s cloud.

Palo Alto Networks, a cybersecurity company, said in a post about the breach that on-premises servers “particularly within government, schools, health care (including hospitals) and large enterprise companies” were “at immediate risk.”

“A compromise in this situation doesn’t stay contained, it opens the door to the entire network,” the cybersecurity company said.

Karen Weise contributed reporting from Seattle.

Vivian Wang is a China correspondent for The New York Times, based in Beijing, where she writes about how the country’s rise and ambitions shape the daily lives of ordinary people.