This is about a vulnerability in Microsoft's service Sharepoint, which is used by companies and organizations around the world to manage their internal networks.
Over the weekend, Microsoft sounded the alarm that they had discovered a backdoor some time ago, and that customers' servers had been open to intrusion since an update had failed to plug the hole.
The IT giant also points out hacker groups in China, with ties to the Chinese state, for the attack. The Chinese embassy in Washington has in turn dismissed the allegations as "slander without concrete evidence".
Also in Sweden
Marcus Murray is a cybersecurity expert and founder of the company Truesec, which conducts monitoring of a large part of Swedish companies' and authorities' computers. He says that Swedish organizations have also been affected.
We saw this one already twelve hours before Microsoft released the information. We managed to stop it early, but then it was already in full swing even in our region.
The current intrusions are mostly about collecting sensitive information, rather than sabotage or extortion, explains Murray.
The Chinese modus operandi is much about stealing intellectual property and information that they can use in competition with the West or against our companies. This also makes it harder to detect. The damage comes in the long run and in a more subtle way.
"Inside the door"
At the same time, there is a risk that other hackers may also have been tempted to exploit the opening.
The criminal world within cybersecurity works that way. When a vulnerability is known, everyone tries to exploit it. If you take control of a Sharepoint, you can also use it as a springboard for sophisticated attacks like ransomware, says Murray.
He urges all potentially affected parties to conduct thorough investigations – even if they have updated the system with the latest fix from Microsoft.
Even if you have changed the lock, you do not know if you have an attacker inside the door.
