A vulnerability in on-premises SharePoint servers, referred to as ToolShell, enables hackers to execute code on networks. Microsoft reports that this flaw is being actively exploited, prompting immediate updates for systems, although SharePoint 2016 lacks a fix. Eye Security identified approximately 100 compromised organizations, mainly in the US and Germany. Multiple hacker groups, including one potentially tied to China, are exploiting this vulnerability. The UK's National Cyber Security Centre has confirmed attacks in the UK and encouraged compromised companies to report incidents.
"Who knows what other adversaries have done since to place other backdoors," Vaisha Bernard, chief hacker at Eye Security, said.
Daniel Card of PwnDefend: "The SharePoint incident appears to have created a broad level of compromise across a range of servers globally."
"At least one of the actors responsible for this early exploitation" is linked to China, he noted.
The NCSC said that attacks making use of the SharePoint flaw had been detected in the UK.