
Hackers are using a years-old Microsoft vulnerability to attack governments around the world



Install those software updates!



“It’s fascinating that here we are, three and a half years after the patches have been available, and it’s still being used in the wild actively by threat actors,” Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative



SharePoint’s widespread use by financial institutions, multinational companies, and government agencies has made it an appealing target for hackers all over the world. In 2019, the Canadian Centre for Cyber Security and the Saudi National Cybersecurity Authority both reported attacks like the one against the U.N. The same year, notorious hacking group Emissary Panda, or APT27 — allegedly backed by the Chinese government — attacked SharePoint servers belonging to two governments in the Middle East by exploiting CVE-2019-0604, according to cybersecurity firm Palo Alto Networks. Also in 2019, Iranian state-backed actors used it to attack an unnamed Middle Eastern energy company. In 2020, unknown hackers struck two municipalities in the U.S., and the Australian government disclosed that the same SharePoint flaw had been used against multiple targets in the country. The Australian Cyber Security Centre described the attacks as “the most significant, coordinated cybertargeting against Australian institutions the Australian Government has ever observed.” In 2021, hacker gang Hello/WickrMe used it to launch several ransomware attacks.



Microsoft fumbled the patching process, requiring three separate updates in as many months. And the patches themselves were flawed — within an hour of Microsoft releasing the first patch, the same researcher who discovered CVE-2019-0604 had already bypassed it. “We’ve got bad patches and unclear communication around them that are causing the industry to be slow adopting what are in a lot of ways really critical updates,”



The problem is that organizations that use SharePoint have not patched it yet, in part because the patching process is not straightforward. “SharePoint patching is also notoriously complicated — it would be quicker to watch the extended versions of The Hobbit trilogy and The Lord of the Rings trilogy back to back than try to update the average large SharePoint farm,”



Companies that rely on sales tend to focus on developing new products rather than fixes for systems they’ve already sold, according to Childs at Zero Day Initiative, which means developing patches is rarely at the top of the list. “The state of patching really has not progressed much in the last 15 years,” said Childs, adding that as many as 20% of vulnerabilities his organization pays researchers for are from failed patches. “It’s kind of astonishing.”



