Africa-Press – Zambia. Hackers connected to the Chinese government were behind at least some of the widespread attacks in the past few days on organizations that use collaboration software from Microsoft, defenders working on the intrusions said in interviews.
The breaches in the United States and other countries took advantage of a disastrous security flaw that drew attention this month, after Microsoft issued a patch that fixed only part of the problem in SharePoint, which is widely used to coordinate work on documents and projects.
“We assess that at least one of the actors responsible for this early exploitation is a China-nexus threat actor,” said Charles Carmakal, chief technology officer of Google’s Mandiant Consulting.
Microsoft said Tuesday it had seen three separate Chinese groups participating in the attacks, including two it knew to be backed by the government.
Another researcher, who, like others, spoke on the condition of anonymity because the inquiry is still underway, said federal investigators have evidence of U.S.-based servers linked to compromised SharePoint systems connecting to internet protocol addresses inside China on Friday and Saturday.
The FBI, the White House, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency declined to comment Monday.
Two other responders working with the U.S. government said they had identified early attacks from China as well.
The Chinese Embassy in Washington said China and other countries are also affected by hacking, but did not directly address questions about the attacks.
“China firmly opposes and combats all forms of cyber attacks and cyber crime — a position that is consistent and clear,” the Embassy said in an email. “At the same time, we also firmly oppose smearing others without solid evidence.”
The attacks allowed hackers to extract cryptographic keys from servers run by Microsoft clients. Those keys, in turn, would let them install anything, including back doors that they could use to return. Federal and state agencies were affected, researchers previously told The Washington Post, but it remains unclear which of them were vulnerable to follow-up attacks.