JAKARTA - A security update released by Microsoft last month failed to fully fix a critical flaw in its SharePoint server software that was identified in May. This failure opened the door to a widespread global cyber espionage operation whose mastermind remains unknown.
This ongoing cyberattack targeted about 100 organizations over the weekend. Nonetheless, Alphabet's Google, which has broad visibility of internet traffic, said it had linked at least some hacks to "an act of threat related to China".
The Chinese Embassy in Washington has not responded to requests for comment from the media. Beijing routinely denies carrying out hacking operations, although agents linked to the Chinese government are often involved in cyberattacks.
Microsoft itself has not commented on the patch and its effectiveness when contacted on Tuesday.
The vulnerability that facilitated this attack was first identified in May at a hacking competition in Berlin organized by cybersecurity firm Trend Micro.
The competition offers cash rewards for discovering computer bugs in popular software, including a $100,000 reward for "zero day" exploits that could be used against SharePoint, Microsoft's flagship document management and collaboration platform.
A researcher working for the cybersecurity unit of Viettel, a telecommunications company operated by the Vietnamese military, identified the SharePoint bug at the event, named it 'ToolShell', and demonstrated a method of exploiting it. The researcher was awarded 100,000 US dollars for the discovery.
Microsoft later stated in a security update on July 8 that it had identified the bug, listed it as a critical vulnerability, and released a patch to fix it.
However, about 10 days later, cybersecurity companies began to see increased malicious online activity targeting the same software the patch was supposed to fix: SharePoint servers.
"Threat actors are then developing exploits that appear to pass through this patch," Sophos, a British cybersecurity firm, said in a blog post on Monday.
The number of potential ToolShell targets is still very large. According to data from Shodan, a search engine that helps identify internet-connected equipment, more than 8,000 online servers could theoretically have been compromised by hackers.
The Shadowserver Foundation, which scans the internet for potential digital vulnerabilities, puts the figure at slightly more than 9,000, while warning that this is a minimum.
The servers include those of large industrial companies, banks, auditors, healthcare companies, and several US state-level government entities as well as international entities.