Cyberattacks based on Microsoft SharePoint flaws do damage in the world. Several American government agencies have been targeted by pirates affiliated to China. This is the case of the nuclear security agency in the United States.
Two vulnerabilities were discovered within SharePoint, the platform of Document sharing and online collaboration with Microsoft. The publisher quickly corrected the two gaps, but hackers discovered the means of bypassing the fix.
By exploiting these two faults, cybercriminals have launched a series of cyber attacks against hundreds of servers belonging to dozens. Eye Security believes that Over 400 servers and more than 140 organizations around the world have been affected by the cyber attack wave. According to Microsoft and Google, the attacks were orchestrated by Chinese criminal groups, such as Linen Typhon and Violet Typhon. These groups are “Affiliated to the Chinese government”says Microsoft.
Read also: Ransomware alert – Interlock hackers multiply cyber attacks, alerts the FBI
Cyber attack against the agency responsible for American nuclear weapons
Near a week after the start of the attacks, many government agencies in the United States were affected. The pirates compromised the systems of the American Ministry of Education, the Florida Revenue Department, and the General Assembly of Rhode Island. This is also the case for the National Nuclear Security Administration (NNSA), the American Federal Agency Nuclear weapons in chargewhich ended up in the sights of the pirates last week. The United States Ministry of Energy reveals that cybercriminals have had access to the agency’s computer networks.
Questioned by Bleeping ComputerBen Dietderich, ministry spokesperson, declares that “The exploitation of a zero-day flaw in Microsoft SharePoint began to affect the Ministry of Energy, including the NNSA” Around Friday July 18. According to him, “Only a few systems have been affected”because the agency has “Particularly robust cybersecurity systems”. All systems are currently being restored. Apparently, No sensitive data has been stolen During the offensive. This is an anonymous source within the agency to Bloomberg. To tenable, the attack “ constitutes a new urgent reminder of the issues we face » :
“It is not only an isolated flaw, but the way in which actors use these breaches in an organized manner to take advantage of them in the long term. The alleged Chinese state groups involved in this attack are known to use stolen identifiers to install lasting backdoors. Even when the initial vulnerability has been corrected, these attackers can therefore remain hidden within a network, ready to launch future espionage campaigns. When an organization detects a new intrusion, the damage is already done ”.
“The most sensitive and potentially dangerous information in the world”
The NNSA is responsible for watching to what existing nuclear weapons be safe, reliable and effective, and works has prevent the dissemination of these to hostile countries. The organization is also responsible for the production and dismantling of American nuclear weapons. As Edwin Lyman, Director of Nuclear Security at the Union of Countd Scientists, explains, the NNSA holds “Some of the most sensitive and potentially dangerous information in the world”more “The networks containing these classified data are isolated from the Internet”. In fact, “Even if these networks were compromised, I do not know how such information could have been transmitted to opponents” of the United States, adds the expert.
This is not the first time that the federal agency has been found in the cybercriminals crosshairs. In 2020, Russian hackers launched A vast spy operation on the NNSA by exploiting the famous Falarwinds flaw.
Other countries, such as Germany, Spain or Brazil, have also been struck by attacks based on SharePoint flaws. While the number of attacks continues to increase, Microsoft recommends that all organizationsInstall the latest fixes of SharePoint. The publisher has indeed deployed a new update to clog vulnerabilities.
🔴 To not miss any 01net news, follow us on Google News and Whatsapp.
Source :
Bleeping Computer
