- Around 100 organizations have been attacked through a Microsoft SharePoint vulnerability
- The series of cyber attacks seems to be the work of Chinese hackers
- Vulnerability has left up to 8,000 servers at risk
A cyber campaign exploiting a recently disclosed Microsoft SharePoint flaw has targeted approximately 100 organizations, compromising server software and mainly hitting government agencies in the United States and Germany, experts warned.
Google issued a statement attributing at least some of the attacks to a “China-nexus threat actor” and warned that the threat is likely to spread further, although the Chinese embassy has denied the attribution.
Microsoft recently released urgent security patches to address a zero-day vulnerability affecting SharePoint servers, which has been abused in attacks since July 18. According to reports, victims include a private energy operator in California and a private fintech firm in New York.
China-Nexus threat actors
“Cyber attacks are a common threat that all countries face, including China. China firmly opposes and fights all forms of cyber attacks and cyber crimes, a position that is consistent and clear. At the same time, we also firmly oppose smearing others without solid evidence,” the Chinese embassy told TechRadar Pro.
“We hope that the relevant parties adopt a professional and responsible attitude when characterizing cyber incidents, basing their conclusions on sufficient evidence instead of unfounded speculation and accusations.”
In the attacks, hackers extracted cryptographic keys from servers run by Microsoft customers. Those keys would then allow them to install almost anything, including malware or backdoors that the hackers could use to return.
Only customer-hosted versions of SharePoint are vulnerable, not the cloud-hosted version. These types of attacks could allow attackers to steal corporate secrets or install ransomware to encrypt key files.
“We evaluate that at least one of the actors responsible for this early exploitation is a threat actor from China-Nexus,” said Charles Carmakal, director of technology at Google’s consulting arm.
“It is essential to understand that multiple actors are now actively exploiting this vulnerability. We completely anticipate that this trend will continue, since several other threat actors, driven by various motivations, will also take advantage of this exploit,” he continued.
Researchers say that so far the attacks can be attributed to a single hacker or a single set of hackers rather than to a large number of them, but the targets hit have been wide-ranging and the pool of potential targets is large, with some researchers estimating up to 8,000 vulnerable servers.
Although the update should prevent new intrusions, users must also rotate the machine keys, look for any breach that may have gone unnoticed, and enable the Antimalware Scan Interface (AMSI) and antivirus software.