In a worrying turn of events, Microsoft has uncovered a major security breach in its SharePoint servers, a platform widely used by organizations for document storage and teamwork. This breach, exploited by Chinese hackers including state-sponsored groups, has affected around 400 government agencies, businesses, and other entities, primarily in the United States. Among the most concerning victims is the US National Nuclear Security Administration, which oversees nuclear weapons, raising significant fears about national security risks.
The attacks, active since early July, targeted on-site SharePoint servers connected to the internet, rather than those hosted on Microsoft’s cloud system. Microsoft identified three hacking groups involved: Linen Typhoon and Violet Typhoon, both connected to the Chinese government, and Storm-2603, also believed to originate from China. These groups exploited weaknesses to access sensitive data and install damaging software. Linen Typhoon is known for targeting sectors like government and defense to steal valuable information, while Violet Typhoon focuses on espionage, often aiming at former military personnel and research organizations.
The extent of the damage is still unfolding. Eye Security, a Dutch cybersecurity firm, warned that the number of affected organizations could rise as more investigations are carried out. After examining thousands of publicly accessible SharePoint servers globally, they discovered numerous compromised systems. In response, Microsoft has issued urgent security updates and strongly recommends that all users of on-site SharePoint systems install them without delay to prevent further attacks.
This incident highlights the growing challenges in digital security, especially amidst rising tensions between the US and China in the technology field. Several American companies, including Microsoft, have recently scaled back their research operations in China due to increasing pressure from US authorities. As technology becomes ever more critical to daily life, the risks of cybercrime and espionage continue to grow, posing difficult questions about how to safeguard sensitive information against such advanced threats. The need for stronger defenses and greater awareness has never been more urgent.
