JAKARTA - Last week's cyberattack on thousands of Microsoft SharePoint servers around the world remains a serious concern, especially among cybersecurity experts.
Microsoft has also issued a statement saying that the perpetrators came from China. In its report, the company said that two state actors, Linen Typhoon and Violet Typhoon, were identified exploiting vulnerabilities in internet-connected SharePoint servers.
Microsoft also confirmed that it had identified an additional actor named Storm-2603, also from China.
Although Microsoft has released a patch for the vulnerability, attacks are still ongoing in the field. This is reinforced by a statement from Igor Kuznetsov, Director of the Global Research & Analysis Team (GReAT) at Kaspersky.
"Microsoft has already patched the vulnerability; however, at the same time, the vulnerability has been actively exploited by threat actors," Igor said in a statement received by VOI on Wednesday, July 23.
According to him, a successful server compromise can lead to unauthorized access to internal data, disruption of authentication processes, remote code execution, and prolonged attacker persistence in the infrastructure.
"This vulnerability may still be exploited even after being patched, unless organizations take additional steps such as rotating cryptographic keys," he explained.
Kaspersky's internal telemetry data shows that exploitation is taking place worldwide, including in Africa, Asia, the Middle East, and Russia.
To that end, Kaspersky urged all organizations using Microsoft SharePoint Server to apply the latest update immediately.
"Conduct a compromise assessment and rotate the authentication keys as an important mitigation measure," he said.