Microsoft recently disclosed that a China-linked cyber actor had actively exploited vulnerabilities in Microsoft’s on-premises SharePoint servers. The hacking campaign targeted private companies and government organizations, taking advantage of flaws in SharePoint, the ubiquitous document management software developed by Microsoft.
The intrusion used methods similar to previous attacks attributed to Beijing, showing a methodical, step-by-step approach by the attackers. Among them are the state-backed groups Linen Typhoon and Violet Typhoon. Further compounding concerns, the China-based group Storm-2603 has joined the fray. The hackers focused on on-premises SharePoint servers while avoiding compromise of cloud-based services. The campaign has brought a great deal of scrutiny onto the security and organization of hackers across the globe.
Walter Charles Carmakal, the chief technology officer at Mandiant Consulting, spoke publicly about the high-profile hack. Its devastation spanned thousands of victims across every industry and geography. He underlined the broad and opportunistic nature of this exploitation, noting that the vulnerabilities were exploited before Microsoft released a patch.
“This was exploited in a very broad way, very opportunistically before a patch was made available. That’s why this is significant.” – Charles Carmakal
Following the breach, Microsoft issued emergency security updates. The company has urged all customers running on-premises SharePoint servers to install these updates promptly to protect their systems from potential threats.
Microsoft also said that investigations into other cyber actors using these exploits are continuing. This is a reminder that vulnerabilities are often still lurking, and more threats could arise as attackers continue to use the same tactics.
“Investigations into other actors also using these exploits are still ongoing.” – Microsoft
This hacking incident sets a dangerous precedent. It has the potential to affect a million organizations that use SharePoint to organize their important digital documents. Security fears regarding on-premises solutions have been increasing. Businesses and government agencies should stay on the front foot to meet these challenges head-on.