Microsoft Admits SharePoint Servers Were Attacked by Chinese Hackers
The US National Nuclear Security Administration has reportedly been breached.
Microsoft's SharePoint is meant to help users manage content, collaborate, customize workflows, and create team sites "with advanced security and governance controls built in." Alas, this security is not so secure: the company reported a breach in which on-premises SharePoint servers were attacked through spoofing and remote code execution vulnerabilities.
Microsoft says that the threat comes from Chinese nation-state actors, Linen Typhoon, Violet Typhoon, and Storm-2603, "exploiting these vulnerabilities to deploy ransomware. Investigations into other actors also using these exploits are still ongoing. With the rapid adoption of these exploits, Microsoft assesses with high confidence that threat actors will continue to integrate them into their attacks against unpatched on-premises SharePoint systems."
Around 100 organisations were reportedly compromised, including the US National Nuclear Security Administration, according to Bloomberg, but thankfully no sensitive information was exposed.
Reuters states that Microsoft knew about the security flaw, which was identified at a hacker competition in May, but its first fixes were ineffective. Further patches have since resolved the issue.
"Microsoft recommends customers to use supported versions of on-premises SharePoint servers with the latest security updates. To stop unauthenticated attacks from exploiting this vulnerability, customers should also integrate and enable Antimalware Scan Interface (AMSI) and Microsoft Defender Antivirus (or equivalent solutions) for all on-premises SharePoint deployments and configure AMSI to enable Full Mode as detailed in Mitigations section below. Customers should also rotate SharePoint server ASP.NET machine keys, restart Internet Information Services (IIS), and deploy Microsoft Defender for Endpoint or equivalent solutions."
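The key rotation and IIS restart from the recommendation above, as an added example that is not Microsoft's own script. It assumes an elevated SharePoint Management Shell on a farm server that already has the latest security updates, that `Set-SPMachineKey` and `Update-SPMachineKey` are available in the installed build, and that PowerShell remoting works between farm servers; the `-RestartIis` switch is a name chosen for this example.

```powershell
# Added example: rotate ASP.NET machine keys for every web application in the farm,
# then optionally restart IIS on each SharePoint server.
# Run with -WhatIf first to list what would change without changing anything.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical switch for this example; requires PowerShell remoting to farm servers.
    [switch]$RestartIis
)

# Older on-premises versions load the cmdlets from a snap-in; where they are
# already loaded (or shipped as a module) the error is ignored.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Include Central Administration so no web application keeps its old keys.
$webApps = Get-SPWebApplication -IncludeCentralAdministration

foreach ($wa in $webApps) {
    if ($PSCmdlet.ShouldProcess($wa.Url, 'Generate and deploy new machine keys')) {
        # Generate new validation and decryption keys for this web application.
        Set-SPMachineKey -WebApplication $wa
        # Deploy the new keys to the servers in the farm.
        Update-SPMachineKey -WebApplication $wa
        Write-Output "Rotated machine keys for $($wa.Url)"
    }
}

if ($RestartIis) {
    # Role 'Invalid' marks servers that do not run SharePoint (for example database hosts).
    $servers = Get-SPServer | Where-Object { $_.Role -ne 'Invalid' }
    foreach ($s in $servers) {
        if ($PSCmdlet.ShouldProcess($s.Address, 'Restart IIS')) {
            # /noforce lets running requests finish instead of killing them.
            Invoke-Command -ComputerName $s.Address -ScriptBlock { iisreset.exe /noforce }
        }
    }
}
```

Rotating after patching matters because keys taken from a server before the update remain valid until they are replaced.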
A year ago, TV channels, airlines, banks, and other infrastructure faced a huge Windows glitch related to CrowdStrike's cybersecurity software, stopping all work in many industries. Hopefully, we won't see any more security breaches from the company anytime soon.