In particular, when exploiting two of these vulnerabilities, hackers can gain deep control over the system and maintain long-term access. This is an "ideal environment" for APT (Advanced Persistent Threat) espionage campaigns, stealing or encrypting sensitive data.
These vulnerabilities are being exploited in a wide range of countries. At least 85 SharePoint servers have been infected with web shell malware, affecting 29 organizations globally. Among the victims are many multinational corporations and government agencies, including the US National Nuclear Security Administration (NNSA).
In Vietnam, SharePoint Server is used in document management at many agencies, organizations and large technology and financial enterprises. Up to now, although there have been no recorded cases of attacks, the risk of being exploited by these vulnerabilities is assessed at a very high level, especially at units that are deploying SharePoint Server according to the on-premise installation model without timely updating and patching.
The attack can originate from a point in the internal network, using sophisticated techniques that are difficult to detect. Hackers can secretly install malware on an internal workstation, from there silently scanning, expanding control and gradually taking over the entire system.
APT attack groups often take advantage of times like this, when systems have unpatched vulnerabilities, to infiltrate and maintain a long-term presence. Therefore, Bkav especially recommends that system administrators urgently review and tighten internal access rights to prevent the risk of being attacked from within.
For ministerial-level agencies that delegate access rights to local units, it is necessary to immediately review and limit these rights if the system has not been patched or has not been thoroughly remedied. Patching of vulnerabilities should be done as soon as possible.
It is necessary to strengthen monitoring measures, limit external access, deploy web application firewalls (WAFs), monitor system access logs, and establish early warning mechanisms when there are signs of abnormalities.
For units that do not have a specialized information security team, they should proactively contact incident response centers for timely advice and support.
SharePoint Server is a document management and enterprise collaboration platform developed by Microsoft. The system allows for centralized document storage, sharing, searching and management, and supports the construction of intranet websites, corporate portals, and deep integration with Microsoft Office and Microsoft 365 to improve team productivity.
Source: https://nhandan.vn/nguy-co-tan-cong-apt-tu-loat-lo-hong-tren-phan-mem-sharepoint-server-cua-microsoft-post896733.html
Comment (0)