Risk highlighted as Chinese hackers hit Microsoft
While such cyberattacks are not new, the scale of the onslaught and the speed with which the hackers took advantage of freshly discovered vulnerabilities is fueling concern.
Dutch startup Eye Security warned Saturday of online attacks targeting SharePoint file-sharing servers, with Microsoft quick to confirm the report and release patches to protect systems.
The vulnerability allowed hackers to retrieve credentials and then access SharePoint servers kept at users' facilities, according to Microsoft.
Cloud-based SharePoint software was safe from the problem, the company said.
- Targets -
Eye Security determined that more than 400 computer systems were compromised by hackers during waves of attacks.
Targets included government organizations in Europe, the Middle East and the United States - among them the US nuclear weapons agency, media reports indicated.
"On-premises SharePoint deployments - particularly within government, schools, healthcare and large enterprise companies - are at immediate risk," cybersecurity firm Palo Alto Networks warned in a note.
Microsoft has not disclosed the number of victims in the attacks.
SharePoint had more than 200 million active users as of 2020, according to the most recent figures available from Microsoft.
- Attribution? -
Microsoft has attributed the cyberattacks to groups backed by China.
The culprits are believed to include Chinese state actors known as Linen Typhoon and Violet Typhoon along with a group called Storm-2603 which "is considered with moderate confidence to be a threat actor based in China."
The Typhoon groups have been active for a decade or more, and are known for intellectual property theft as well as espionage, according to Microsoft.
Less was known about Storm-2603 and its motives.
"Investigations into other actors also using these exploits are ongoing," Microsoft said, urging users to patch SharePoint servers to avoid becoming hacking victims.
Cybersecurity specialist Damien Bancal noted in a recent blog post that he found "ready-to-use exploit code" for the vulnerability at a popular website.
- Why Microsoft? -
The assault on SharePoint servers is the latest in a series of sophisticated attacks carried out by state-sponsored groups against "the Microsoft ecosystem," according to Bancal.
In 2021, attacks by a Chinese hacker group known as Silk Typhoon compromised tens of thousands of email servers using Microsft Exchange software.
Microsoft's success at making its software commonplace in offices and homes also makes it a prime target for hackers out to steal money or information.
Microsoft software can hold sensitive and valuable information.
"It's not Microsoft that is being targeted, it's its customers," said Shane Barney, head of information security at US-based Keeper.
Targeting Microsoft programs is a means to an end, and tomorrow it could be software from another company, said Rodrigue Le Bayon, head of Orange Cyberdefense computer emergency response team.
- China's role? -
China is not the only nation backing hacker operations as countries around the world hone cyber capabilities, according to Le Bayon.
Nevertheless, China is repeatedly singled out by companies and goverments hit by hacks.
Western countries have accused hacker groups allegedly supported by China of conducting a global cyber espionage campaign against figures critical of Beijing, democratic institutions, and companies in various sensitive sectors.
mng-juj/gc/arp/dw
Related Links
Cyberwar - Internet Security News - Systems and Policy Issues
