SharePoint Vulnerability: 400+ Organizations Breached in Massive Microsoft Hack

According to a research group, the number of businesses and organisations affected by a security flaw in Microsoft Corp.’s SharePoint servers is growing quickly, with the victim count increasing more than sixfold in a matter of days.

Dutch Firm Reveals Surge in SharePoint Exploits

According to estimates from Eye Security, a Dutch cybersecurity firm that detected an early wave of the attacks last week, hackers have gained access to approximately 400 government organisations, businesses, and other organisations.

Its prior estimate, which it gave to Bloomberg News on 22 July, was about 60. The majority of victims are in the United States, followed by Mauritius, Jordan, South Africa, and the Netherlands, according to the security firm. According to a previous Bloomberg article, one of those compromised was the National Nuclear Security Administration, the US organisation in charge of creating and managing the country’s nuclear weapons stockpile.

Geopolitical Context: US-China Cyber Tensions Rise

The hacks, which coincide with increased tensions between Washington and Beijing over international security and trade, are among the most recent significant breaches that Microsoft has at least partially attributed to China.

Over the course of several decades, the US has frequently denounced China for alleged campaigns to steal corporate and government secrets. In an email to Bloomberg News, Vaisha Bernard, a co-owner of Eye Security, indicated that the company believes the actual figure may be significantly higher because there may be numerous additional covert techniques to breach systems that do not leave any evidence.

Other opportunistic adversaries continue to take advantage of vulnerable servers, and the situation is still evolving. According to Bernard, many companies involved in government, education, and technology services are among those compromised in the SharePoint attacks. In South America, Asia, the Middle East, and Europe, the number of victims was lower.

How the SharePoint Flaw Was Exploited

The security flaws give hackers access to SharePoint servers and to the keys they need to impersonate users or services, which could give them deep access to compromised networks and allow them to steal private information.

Microsoft has released updates to address the vulnerabilities, although experts warned that hackers might already have gained access to numerous servers. On July 22, Microsoft accused Linen Typhoon and Violet Typhoon, two Chinese state-sponsored hacking groups, of being responsible for the attacks. According to Microsoft, the vulnerabilities were also exploited by another Chinese hacker collective known as Storm-2603.

The Redmond, Washington-based business has frequently accused China of being behind significant hacks. Tens of thousands of Microsoft Exchange servers were infiltrated in 2021 in an alleged Chinese operation. Another alleged Chinese attack on Microsoft Exchange in 2023 exposed the email accounts of top US leaders. Following the 2023 incident, a US government review accused Microsoft of a “cascade of security failures.”
