"About 100 Organizations in the US and Germany Affected"
...Potential Risk to 8,000 Servers
It has been revealed that a hacking attack targeting Microsoft (MS) collaboration software, which is used by U.S. government agencies and companies for internal document sharing, has affected approximately 100 organizations. Some of these attacks are suspected to have involved groups linked to China.
According to Bloomberg and other sources on July 21 (local time), hackers exploited security vulnerabilities in MS's enterprise collaboration software, SharePoint. SharePoint is a tool used for document sharing, collaboration, and workflow automation. If hacked, there are concerns about the potential for internal document leaks or information manipulation.
On July 19, MS issued a security alert regarding the self-hosted version of SharePoint, stating that "ongoing attacks are currently underway." The self-hosted version is installed and operated on an organization's own servers, rather than being cloud-based software.
This hacking incident was a so-called "zero-day" attack, in which previously undisclosed security flaws were exploited to infiltrate servers and install backdoors (covert access channels), enabling prolonged internal access to the organization.
Vaishaa Bernard, a hacker at Dutch cybersecurity firm Eye Security, stated that after discovering the hack at one of their client companies on July 18, they investigated the incident together with the Shadowserver Foundation, a cyber threat monitoring and response organization, and identified about 100 affected organizations. He said, "This is clearly a hack," and added, "No one knows what other backdoors may have been installed by other attackers." The Shadowserver Foundation confirmed this number, explaining that "most of the affected organizations are in the United States and Germany, and many are government agencies."
MS stated, "We have already provided a security update and are urging customers to install it immediately." The U.S. Federal Bureau of Investigation (FBI) also issued a statement saying, "We are aware of this attack and are working closely with federal and private sector partners."
While the group behind this hacking has not yet been definitively identified, Google announced through its internet traffic monitoring analysis that some of the attacks are "linked to organizations associated with China." Charles Carmakal, Chief Technology Officer (CTO) of Mandiant, Google's cloud security subsidiary, stated, "A hacking group linked to China is among those responsible for the initial wave of attacks," and added, "Multiple hacker groups are actively targeting SharePoint vulnerabilities."
Although this hacking appears to have primarily targeted government-related organizations, there are concerns that the potential victims could be much broader. According to data from Shodan, a search engine for internet-connected devices, there are more than 8,000 SharePoint servers online, and most of them may have already been compromised. These servers reportedly include those belonging to large corporations, banks, accounting firms, medical companies, U.S. state governments, and international government agencies.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.


