Chinese state-sponsored hackers are exploiting vulnerabilities in Microsoft's SharePoint software, impacting organisations worldwide, including the US agency responsible for nuclear weapon design. The attackers targeted self-hosted SharePoint versions, gaining access to file systems, running remote code, and stealing login credentials. Microsoft has released patches to address the exploited flaws.
The breach has affected various government and private organisations across the US, Europe and the Middle East. Impacted US agencies include the Department of Education, Florida's Department of Revenue, and the Rhode Island General Assembly. Security analysts warn that these breaches can expose internal systems and workflows, even without the compromise of classified data.
Microsoft recommends users implement the latest security updates and integrate Antimalware Scan Interface (AMSI) and Microsoft Defender Antivirus. The company notes that its cloud-based SharePoint Online service remained untouched, highlighting the different security risks between cloud-hosted and on-premises systems.
Related Articles
SharePoint Servers Under Cyberattack
Read more about SharePoint Servers Under Cyberattack →Microsoft Halts China-Based Engineering
Read more about Microsoft Halts China-Based Engineering →SharePoint Under Active Attack
Read more about SharePoint Under Active Attack →Microsoft Server Software Under Attack
Read more about Microsoft Server Software Under Attack →