Numerous organizations and some government agencies around the globe have been compromised in recent days as hackers exploit a vulnerability in older versions of Microsoft's file-sharing tool SharePoint. The vulnerability, discovered early this month, affects versions of the software hosted by customers themselves rather than in Microsoft's cloud, and the fix Microsoft released soon after was flawed. Cybersecurity researchers have now detected breaches on more than 100 servers representing 60 victims, including government agencies, businesses, and universities in the US, Europe, and Asia. Among them: the US Education Department, the National Institutes of Health (NIH), and the National Nuclear Security Administration (NNSA), per Bloomberg and the Washington Post.
The NNSA, which oversees and maintains US nuclear weapons, was hit beginning on Friday, Bloomberg reports, though the Department of Energy said no sensitive or classified data was obtained. It described minimal impacts "due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems" and said the NNSA "is taking the appropriate action to mitigate risk and transition to other offerings as appropriate," per Wired. A Homeland Security rep said one NIH server was compromised, but "we have no indication that any information was exfiltrated," per the Post. Systems belonging to Florida's Department of Revenue and the Rhode Island General Assembly were also reportedly compromised.
Experts say hackers stole usernames, passwords, and other sign-in credentials that allow them to impersonate users or services even after the server is patched, per Bloomberg. "What makes this especially concerning is SharePoint's deep integration with Microsoft's platform, including their services like Office, Teams, OneDrive and Outlook, which has all the information valuable to an attacker," says cybersecurity expert Michael Sikorski. Microsoft, which released what Wired calls "a fix for the fix" this week, identified several China-based hacking groups that exploited the vulnerability, including two backed by the Chinese government, though the Chinese Embassy in Washington denied responsibility while complaining of "unfounded speculation."