Microsoft at the heart of a cyb …

Microsoft’s collaboration software is reported to have been the target of a large-scale cyber attack.

According to several international media outlets, including the Washington Post, hackers have exploited a zero-day flaw in SharePoint, the on-premises version of the American software vendor’s well-known collaboration tool. Their campaign targeted government agencies, companies and universities in the United States.

A breach exploited in SharePoint

The first reports indicate that the damage is not limited to North America. European and Asian organizations are also reported to be among the victims. Compromised entities include federal and local government agencies, energy-sector players, universities and telecom operators.
Good news, however: Microsoft’s cloud environments, such as SharePoint Online or Microsoft 365, are reported not to have been affected.

Given the severity of the attack, the American Cybersecurity and Infrastructure Security Agency (CISA) is currently conducting a joint investigation with the Canadian and Australian governments. Microsoft has published an emergency patch, but it only covers one version of SharePoint. Other versions of the software remain vulnerable, fueling experts’ concern.

What makes this attack particularly worrying is the precision of the targeting. The attackers went after infrastructure where SharePoint is run as an internal, on-premises server. According to initial analyses, they managed to steal an encryption key, giving them the ability to return later to the compromised systems.

The identified intrusion vector connects SharePoint to strategic services such as Outlook and Teams, raising the prospect of large-scale theft of e-mails and passwords. While data deletion appears limited, the compromise of these keys opens the way to future intrusions.

Increasingly sophisticated hackers

This attack comes just weeks after Microsoft published a patch for a similar flaw. The attackers appear to have studied those earlier vulnerabilities to develop new methods.

Google’s Threat Intelligence Group has confirmed that a malicious actor is indeed exploiting this flaw. Their modus operandi is as follows: install a script, deploy a web shell and exfiltrate encrypted data from the compromised server.

“The answer cannot be limited to the application of fixes,” warns Charles Carmakal, technical director at Google Cloud Mandiant Consulting. “All companies and organizations must imperatively verify the absence of infection in their systems and take the necessary remediation measures without delay.”
