JAKARTA - A cyber-espionage campaign centered on vulnerable versions of Microsoft’s server software now involves the spread of ransomware, Microsoft said in a blog post on Wednesday night, July 23.
In the post, citing “extended threat analysis and intelligence,” Microsoft said a group it calls “Storm-2603” is using the vulnerability to spread ransomware. Ransomware usually cripples the victim’s network until a payment in digital currency is made.
The disclosure marks a potential escalation in a campaign that has hit at least 400 victims, according to Netherlands-based cybersecurity firm Eye Security. Unlike state-backed hacking campaigns, which usually aim to steal data, ransomware can cause widespread disruption, depending on where it lands.
The figure of 400 victims is a sharp increase from the 100 organizations recorded over the weekend. Eye Security says the figure is likely an undercount.
“There are more, because not all attack vectors leave artifacts that we can scan,” said Vaisha Bernard, head of hackers at Eye Security, which was one of the first organizations to identify the attack.
Details of most of the victim organizations have not been fully disclosed. However, on Wednesday, a representative of the National Institutes of Health (NIH) confirmed that one of the organization’s servers had been compromised. “An additional server was isolated as a precaution,” he said. News of the compromise was first reported by the Washington Post.
Other media outlets reported that the hacking campaign had breached a wider range of US agencies. NextGov, citing several people familiar with the matter, reported that the Department of Homeland Security (DHS) had been hit, along with more than five to 12 other agencies. Politico, citing two US officials, said several agencies were believed to have been compromised.
The DHS cyber defense division, CISA, did not immediately respond to messages seeking comment on the reports. Microsoft also did not immediately reply to messages seeking further details on the ransomware angle of the hacking or the reported government victims.
The espionage campaign began after Microsoft failed to fully patch security holes in its SharePoint server software, setting off a scramble to fix the vulnerability once it was discovered. Microsoft and its tech rival Alphabet, Google’s owner, both say Chinese hackers are among those exploiting the flaw. Beijing denies the claims.