After the exploitation of a security flaw attributed to Chinese groups, software from the American giant Microsoft is at the heart of strong concerns, while several hundred organizations may have been attacked.
While this type of incident is not the first for the group, the scope of the potential targets and the speed with which the flaws were exploited are widely discussed.
On Saturday, July 19, the Dutch company Eye Security publicly reported several attacks carried out through a security flaw in the SharePoint file-sharing software, prompting a reaction from the US group, which officially acknowledged the existence of the flaw the same day.
The vulnerabilities, which allow third parties to retrieve credentials without authorization and then access SharePoint servers, “affect only local SharePoint servers,” Microsoft said, and not SharePoint used in the cloud.
• Which organizations are targeted?
According to Eye Security, “more than 400 actively compromised systems were discovered over four waves of confirmed attacks.”
According to Bloomberg, several state organizations in Europe, the Middle East and the United States, including the US federal nuclear agency (NNSA), have been attacked.
“SharePoint local servers, particularly in governments, schools, the health sector (including hospitals) and large companies, are exposed to an immediate risk,” warns the research team of the American company Palo Alto Networks, in a note published online.
Microsoft has not disclosed the number of victims of the attacks. According to the latest figures published by Microsoft, in 2020, SharePoint had more than 200 million active users.
• Who are the attackers?
Microsoft named three groups on Tuesday as responsible for the organized attacks. The first two, called Linen Typhoon and Violet Typhoon, are described as Chinese state actors, while a third, Storm-2603, “is considered with moderate confidence to be a threat actor based in China.”
According to the group, the first two actors, who have operated since 2012 and 2015, respectively, are known for “intellectual property theft” and espionage. With respect to the third, the company indicates that it cannot determine its motivations with certainty.
“Investigations into other actors who also use these exploits are still underway,” said Microsoft, which highlighted the high risk that other malicious actors will exploit the flaw on unpatched servers.
On his blog Zataz, cybersecurity expert Damien Bancal pointed out on Wednesday the publication on a well-known site of “ready-to-use exploit code (for the flaw).”
• Why is Microsoft targeted?
“This new incident continues a series of sophisticated attacks by state groups against the Microsoft ecosystem,” said Damien Bancal. In 2021, an attack campaign led by the Chinese group Silk Typhoon had compromised “tens of thousands of servers” running the Exchange email software.
With its software used worldwide, including by critical organizations, the Redmond (Washington State) firm is a prime target for malicious actors.
This is especially so because these programs, used daily, “can protect confidential intellectual property, strategic planning documents and internal communications,” said Shane Barney, head of information systems at the US company Keeper.
“Microsoft is not the target, its customers are; the Microsoft software is just a medium, and tomorrow it could affect the software of another company,” Rodrigue Le Bayon, head of the attack alert and response center (CERT) at Orange Cyberdefense, insisted to AFP.
• What is China’s role?
This type of cyberattack “is not specific to China,” says Rodrigue Le Bayon, who points out the growing importance of computer attacks in the world.
However, China is repeatedly singled out by many companies, especially American ones, but also by states.
In 2024, several Western countries had already accused hacker groups described as backed by the Chinese state of carrying out a global cyber-espionage campaign against figures critical of Beijing, democratic institutions and companies in several sensitive sectors.
Source: BFM TV
