Microsoft Reveals Chinese Hackers Who Attack SharePoint Servers

Microsoft identified the SharePoint server attacker (photo: dock. Freepic)

JAKARTA Microsoft finally gave a statement regarding the attack incident targeting the SharePoint server. The company stated that the attack came from China.

Based on Microsoft's monitoring results, there were two cybercriminals who were identified in the SharePoint attack. These two bad actors are said to be 'exploiting vulnerabilities' by targeting the SharePoint server connected to the internet.

"Until this writing was written, Microsoft has observed two actors of Chinese nation countries whose names have been mentioned, Linen Typhoon and Violet Typhoon," Microsoft said in a statement, quoted on Wednesday, July 23.

In addition to the two criminals, Microsoft also found other threats that also exploited similar vulnerabilities. These cybercriminals were also identified as Chinese under the name Storm-2603.

Although Microsoft has identified a number of perpetrators, the exploit targeting the SharePoint server is certainly still ongoing. Therefore, users are required to update their SharePoint with an updated level of security.

"Investigation of other actors who also use this exploit is still ongoing. Microsoft assesses with high confidence that threat actors will continue to integrate their attacks on local SharePoint systems that have not been patched," Microsoft explained.

In addition to switching to updated SharePoint server versions, users are also asked to integrate and enable Antimalware Scan Interface (AMSI) and Microsoft Defender Antivirus (or equivalent solutions). This needs to be done so that attacks can be overcome.

Serangan ini telah menimbulkan sejumlah kerugian. Berdasarkan laporan Eye Security, mengutip dari The Verge, ada 54 organisasi yang diretas. Ini termasuk universitas swasta, operator energi swasta di California, dan organisasi kesehatan pemerintah federal.

As a result, a lot of sensitive data, including passwords, belonged to a leaked organization. Hackers are known to be able to move between connected services so that security risks also increase.