Last month, the Microsoft office in New York City was in the spotlight due to a newly discovered critical flaw in Microsoft’s SharePoint platform. Hackers, including some affiliated with the Chinese government, have been exploiting this vulnerability, according to statements from Google and Microsoft.
The specific organizations that have fallen victim to these attacks have not been publicly disclosed yet, but the number is growing, with government agencies worldwide being affected. Charles Carmakal, the chief technology officer at Mandiant, which is Google’s cloud security service, shared this information with NBC News.
SharePoint functions as a shared version of Microsoft Office, facilitating direct collaboration within organizations. The flaw in the software, initially labeled as a “zero day” due to the absence of an immediate patch for protection, allows hackers to gain significant access to the computers of organizations that utilize SharePoint. Cloud customers were also impacted.
Although Microsoft confirmed that the flaw was being exploited, they only released a downloadable fix on Monday, leading organizations to rush to apply the patch while proficient hackers sought out potential unprotected targets. This incident is reminiscent of a similar situation in 2021 involving a vulnerability in Microsoft’s Exchange email program.
In a recent blog post, Microsoft revealed that at least three Chinese hacking groups, two of which have ties to Chinese intelligence, have been taking advantage of this flaw. The U.S. government, along with its allies and Western cybersecurity firms, often attribute cyber espionage activities to China, despite China typically downplaying such accusations.
A spokesperson from China’s Embassy in Washington did not directly address allegations of Chinese intelligence exploiting this vulnerability, but emphasized China’s firm opposition to all forms of cyber attacks and cybercrime. Both the White House and the Cybersecurity and Infrastructure Security Agency did not respond to requests for comments on the matter.
