Recently, government officials and private researchers from Eye Security and Unit 42 at Palo Alto Networks discovered a zero-day vulnerability (unknown until the time of the attack) in Microsoft’s SharePoint servers that was exploited by hackers to breach sensitive data globally.
SharePoint is an enterprise content management and collaboration platform that supports intranets and document and data management within organizations. Reported victims include U.S. government agencies, universities, energy companies, Asian telecommunications and European institutions.
IT specialists found that attackers obtained access codes, potentially allowing further breaches even after the patches were applied. Patches, also known as fixes or bugfixes, are software changes created to correct problems and improve security or add functionality.
A rare form of “wiper” attack, which uses software designed to permanently erase data, has also been detected. However, most cases involved only the theft of keys, i.e., strings of data critical to ensuring digital security in various applications, from email protection to server access and digital signatures.
The FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and cybersecurity agencies in Canada and Australia are investigating. Meanwhile, the Center for Internet Security (CISA’s partner) has warned about 100 entities, but the response has been slowed by cuts in CISA’s operational staff, which has been reduced by 65 percent.
This attack highlights serious security flaws at Microsoft, which has received criticism for being slow to release updates and for involving Chinese engineers in DOD-related projects. Experts fear global impacts on government agencies, critical infrastructure and academic institutions. Authorities continue to monitor the situation, awaiting comprehensive patches and effective countermeasures.