Read more
Hackers reportedly breached hundreds of government agencies and companies around the world by exploiting a vulnerability in Microsoft’s SharePoint server software.
Most of the victims are in the US, followed by Mauritius, Jordan, South Africa and the Netherlands. Picture: iStock
As South Africa continues to be a target of cybercriminals, ranking 27th globally among the most breached countries, the National Treasury (NT) has confirmed that it found malware on its Infrastructure Reporting Model website, an online infrastructure reporting and monitoring system.
Treasury stated the issue was related to the recent attacks on SharePoint, a widely used web-based platform developed by Microsoft for collaboration and document management.
Government agencies
Hackers reportedly breached hundreds of government agencies and companies worldwide by exploiting a vulnerability in Microsoft’s SharePoint server software.
Most of the victims are in the US, followed by Mauritius, Jordan, South Africa and the Netherlands.
ALSO READ: South Africa remains a global hotspot for data breaches
The National Nuclear Security Administration, the US agency responsible for maintaining and designing the nation’s cache of nuclear weapons, was among those breached, Bloomberg reported earlier.
SA Treasury
Microsoft issued patches for two versions of the software, noting that one, SharePoint 2016, remains vulnerable to attacks.
“Considering recent media reports since Sunday regarding security incidents affecting Microsoft platforms in the USA, NT has requested Microsoft’s assistance in identifying and addressing any potential vulnerabilities within its Information and Communication Technology (ICT) environment,” Treasury said.
Malicious activities
Treasury said it processes over 200 000 emails each day and facilitates more than 400 000 user connections through its websites daily.
“On average, the NT ICT team successfully detects and blocks approximately 5 800 security threats directed at NT systems every day, showcasing the department’s commitment to maintaining a secure digital environment.
ALSO READ: Data breaches cost SA organisations over R360m in 3 years
“These threats encompass a range of malicious activities, including phishing attempts, malware infections, and spam attacks,” Treasury said.
Treasury added that despite these events, its systems and websites continue to operate normally without any disruption.
‘China blamed’
The newly discovered security flaws in SharePoint enable hackers to access SharePoint servers and steal keys that can allow them to impersonate users or services, potentially granting deep access to compromised networks and enabling the theft of confidential data.
Microsoft accused Chinese state-sponsored hackers known as Linen Typhoon and Violet Typhoon of being behind the attacks on Tuesday.
Another hacking group based in China, which Microsoft refers to as Storm-2603, also exploited them, according to the company.
The hacks are among the latest major breaches that Microsoft has attributed, at least in part, to China, and they come amid heightened tensions between Washington and Beijing over global security and trade.
The US has repeatedly accused China of campaigns that have allegedly stolen government and corporate secrets over a period spanning decades.
ALSO READ: Microsoft working on global outages, Capitec says banking services restored
