- A hundred organizations have been targeted through the Microsoft SharePoint vulnerability
- The series of cyberattacks seems to be the work of Chinese hackers
- The vulnerability has left up to 8,000 servers at risk
A cyberespionage campaign exploiting the recently disclosed Microsoft SharePoint flaw has targeted approximately 100 organizations, compromising server software and mainly hitting government agencies in the United States and Germany, experts have warned.
Google published a statement in which it attributed at least some of the attacks to a “China-nexus threat actor” and warned that the threat would expand further, although the Chinese Embassy denied this.
Microsoft recently published urgent security fixes to address the zero-day vulnerability affecting SharePoint servers, which has been abused in attacks since July 18, with victims including a private energy operator in California as well as a private fintech company in New York.
China-nexus threat actors
“Cyberattacks are a common threat confronting all countries, China included. China firmly opposes and fights all forms of cyberattacks and cybercrime – a coherent and clear position.” TechRadar Pro.
“We hope that the relevant parties will adopt a professional and responsible attitude when characterizing cyber incidents, basing their conclusions on sufficient evidence rather than unusual speculation and accusations.”
The attacks have seen hackers extract cryptographic keys from servers run by Microsoft customers. The keys would then allow them to install almost anything – including malware or backdoors that the hackers could use to return.
Only the SharePoint versions hosted by the customer, rather than in the cloud, are vulnerable. These types of attacks could allow attackers to steal corporate secrets or install ransomware to encrypt key files.
“We assess that at least one of the actors responsible for this early exploitation is a China-nexus threat actor,” said Charles Carmakal, director of technology at Google Mandiant Consulting.
“It is essential to understand that several actors are actively exploiting this vulnerability. We fully expect that this trend will continue, because various other threat actors, driven by various motivations, will also use this exploit,” he continued.
Researchers say that so far the attacks can be attributed to a single hacker or a single group of hackers rather than a large number, but there has been a wide range of targets and a large number of potential ones, with some researchers estimating up to 8,000 vulnerable servers.
While the update should prevent new intrusions, users will also have to rotate their machine keys, look for any breaches that were missed, and deploy the Antimalware Scan Interface (AMSI) as well as antivirus software.