Microsoft Aware of SharePoint Security Vulnerability Yet Did Not Act

A recent security patch from Microsoft has failed to fully address a critical vulnerability in its SharePoint server software, potentially enabling a widespread global cyber espionage campaign. The flaw, first identified during a hacker competition in May, has already been exploited by multiple hacking groups, including two believed to be linked to China. As the situation unfolds, Microsoft has acknowledged the shortcomings of its initial fix and has since released additional patches to mitigate the issue.
Initial Flaw and Exploitation
The vulnerability in SharePoint was first discovered at a Berlin hacking competition organized by Trend Micro, where participants were incentivized to find security flaws in popular software. A researcher from Viettel, a telecommunications firm associated with Vietnam’s military, identified the bug, named it “ToolShell,” and demonstrated its exploitability, earning a $100,000 reward. Following the discovery, Microsoft classified the flaw as critical and released patches in July. However, just ten days later, cybersecurity firms reported a surge in malicious activity targeting SharePoint servers, indicating that the initial patches were ineffective.
Scope of the Cyber Espionage Campaign
The cyber espionage effort has reportedly targeted around 100 organizations over a recent weekend, with the potential for further spread as more hackers become involved. Microsoft has indicated that two Chinese hacking groups, “Linen Typhoon” and “Violet Typhoon,” are among those exploiting the vulnerability, alongside a third group also believed to be based in China. The U.S. National Nuclear Security Administration was among the agencies affected, although reports suggest that no sensitive or classified information has been compromised. The situation remains fluid, with the number of potentially vulnerable servers estimated to exceed 9,000, primarily located in the United States and Germany.
Responses and Ongoing Investigations
In response to the ongoing threat, Microsoft has released additional patches aimed at addressing the vulnerability. However, cybersecurity experts have noted that threat actors have developed exploits that appear to bypass these fixes. The Shadowserver Foundation, which monitors internet vulnerabilities, has reported that a significant number of servers remain at risk, with many located within critical sectors such as finance, healthcare, and government. Germany’s federal office for information security has stated that while some government networks are vulnerable, they have not found any compromised SharePoint servers.
China’s Denial and International Implications
The Chinese government has consistently denied involvement in cyberattacks, with its embassy in Washington stating that it opposes all forms of cyber aggression and condemning the attribution of such actions without solid evidence. Despite these denials, both Microsoft and Google have indicated that the initial wave of attacks is likely linked to Chinese hackers. As the investigation continues, the international community remains vigilant, monitoring the situation for further developments and potential implications for cybersecurity protocols worldwide.