Microsoft server hack likely single actor, thousands of firms now vulnerable, researchers say
Thousands of entities potentially now vulnerable to attack
Hack likely work of one threat actor or group, researcher says
Unclear who is behind attacks
LONDON, July 21 (Reuters) - A global attack on Microsoft server software used by thousands of government agencies and businesses to share documents within organisations is likely the work of a single actor, a cybersecurity researcher said on Monday. Microsoft on Saturday issued an alert about "active attacks" on SharePoint servers used within organisations. It said that SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the exploit, also known as a "zero day" because it was previously unknown to cybersecurity researchers.
"Based on the consistency of the tradecraft seen across observed attacks, the campaign launched on Friday appears to be a single actor. However, it's possible that this will quickly change," Rafe Pilling, Director of Threat Intelligence at Sophos, a British cybersecurity firm.
That tradecraft included the sending of the same digital payload to multiple targets, Pilling added.
Microsoft said it had "provided security updates and encourages customers to install them," a company spokesperson said in an emailed statement.
It was not clear who was behind the ongoing hack. The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners, but offered no other details. Britain's National Cyber Security Centre did not immediately respond to a request for comment.
The Washington Post said unidentified actors in the past few days had exploited a flaw to launch an attack that targeted U.S. and international agencies and businesses.
According to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers.
Those servers include major industrial firms, banks, auditors, healthcare companies, and several U.S. state-level and international government entities.
"The SharePoint incident appears to have created a broad level of compromise across a range of servers globally," said Daniel Card of British cybersecurity consultancy, PwnDefend.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Hindustan Times
22 minutes ago
- Hindustan Times
US, China trade talks conclude with agreement to extend tariff truce
US President Donald Trump is set to make the final call on maintaining a tariff truce with China before it expires in two weeks, an extension that would mark a continued stabilization in ties between the world's two biggest economies. Scott Bessent, who led the US delegation with Jamieson Greer, later said 'our Chinese counterparts have jumped the gun a little.'(via REUTERS) The two sides agreed to extend their tariff truce, Chinese trade negotiator Li Chenggang told reporters in Stockholm without providing further details. Treasury Secretary Scott Bessent, who led the US delegation with Trade Representative Jamieson Greer, later said 'our Chinese counterparts have jumped the gun a little.' Asked on CNBC whether he'd recommend an extension of the pause, Bessent said he'd give Trump the facts, 'then he'll decide.' There's still 'a couple of technical details to work out,' Bessent told reporters Tuesday after two days of meetings with officials from Beijing led by Vice Premier He Lifeng. The Stockholm negotiations marked the third round of US-China trade talks in less than three months. They wrapped up ahead of an Aug. 12 deadline to resolve differences during a 90-day suspension of sky-high tariffs that had threatened to cut off bilateral trade. Adding an extra 90 days is one option, Bessent said. 'While there is disappointment that nothing material was agreed, the mood seems to be constructive and optimistic about future potential deals,' Kelvin Lam, senior China economist at Pantheon Macroeconomics in London, said in an initial assessment. Asian shares were mixed in early trade on Wednesday. The S&P 500 snapped a six-day rally. A 90-day extension would clear the path for Trump to visit China to meet with President Xi Jinping in late October, around the time of an international meeting in South Korea that the US leader is likely to attend. Speaking to reporters on Air Force One, Trump said he may meet with Xi before the end of the year. Trump also said he heard from Bessent that the talks with China went well. Trump-Xi Summit? Both sides have been taking steps to turn down the temperature and reduce flashpoints recently, with Chinese exports of rare earth magnets starting to recover in June and the US saying it would approve shipments of a semiconductor used for artificial intelligence which it had blocked. This week, the US also declined to allow Taiwanese President Lai Ching-te to transit through the US, removing a potential thorn in ties with the mainland, which claims Taiwan as its own territory. 'All of these moves are setting the stage for what I predict will be a summit between Trump and Xi before Thanksgiving,' Harvard professor Graham Allison said on X. Allison last month met with China's foreign minister and the party secretary of Shanghai, who is a member of the Politburo. The Stockholm round came on the heels of the Trump administration reaching preliminary tariff deals with Japan and the European Union. Bessent said his Chinese counterparts were in 'more of a mood for a wide-ranging discussion.' The US treasury chief told CNBC that the Chinese side came to talks with a delegation of 75 people, versus the 15-strong team fielded by Washington. 'We start out in a very large room, probably 12 or 15 on each side of the table,' he said. The 'real work gets' done when delegates 'break down into smaller groups of two-on-two,' he added. Unlike at the previous talks in London, the US team this time around didn't include Commerce Secretary Howard Lutnick, who oversees Washington's export control regime. With the outlook for tariffs looking less dire than in April, the International Monetary Fund this week raised its forecasts for global growth this year. The truce has also helped China's economy, with the IMF boosting its 2025 outlook for the country to 4.8%, noting the lower levies and stronger-than-expected activity in the first half. At issue in the ongoing dialogue is how the two countries seek to maintain a stable trading relationship while applying barriers like tariffs and export controls to limit each other's progress in critical sectors ranging from battery technology and defense to semiconductors. Greer said the US wants assurances that critical materials like magnets keep flowing so the two sides can focus on other priorities. 'We don't ever want to talk about magnets again,' he said. Greer said the resumption of China's rare earths exports is Beijing's biggest concession so far. Asked if the US made any commitments to China on its pending 232 investigations, Greer said China asked for status updates on them, but stressed that the eventual duties would be applied globally and not have any exemptions for particular countries. Reducing the 20% tariffs that Trump imposed over US claims that Chinese companies supply chemicals used to make the illegal drug fentanyl is also a high priority for Beijing, Eurasia Group analysts wrote in a note last week. In the background of the latest trade talks between Washington and Beijing is the race by several economies to sign tariff deals with Trump before Aug. 1, when he's threatening to impose so-called reciprocal import taxes on the US's major trading partners.
Time of India
38 minutes ago
- Time of India
Amazon-backed Skild AI unveils general-purpose AI model for multi-purpose robots
Robotics startup Skild AI , backed by and Japan's SoftBank Group , on Tuesday unveiled a foundational artificial intelligence model designed to run on nearly any robot - from assembly-line machines to humanoids. The model, called Skild Brain , enables robots to think, navigate and respond more like humans. Its launch comes amid a broader push to build humanoid robots capable of more diverse tasks than the single-purpose machines currently found on factory floors. In demonstration videos, Skild-powered robots were shown climbing stairs, maintaining balance after being shoved, and picking up objects in cluttered environments - tasks that require spatial reasoning and the ability to adapt to changing surroundings. The company said its model includes built-in power limits to prevent robots from applying unsafe force. Skild trains its model on simulated episodes and human-action videos, then fine-tunes it using data from every robot running the system. Co-founders Deepak Pathak and Abhinav Gupta told Reuters in an exclusive interview that the approach helps tackle a data scarcity problem unique to robotics. "Unlike language or vision, there is no data for robotics on the internet. So you cannot just go and apply these generative AI techniques," Pathak, who serves as CEO, told Reuters. Robots deployed by customers feed data back into Skild Brain to sharpen its skills, creating the same "shared brain," said Gupta, who previously founded Meta Platforms' robotics lab in Pittsburgh. Skild's clients include LG CNS - the IT solutions arm of LG Group - and other unnamed partners in logistics and other industrial applications. Unlike software, which can scale quickly, robotics requires physical deployment, which takes time, but Skild's approach allows robots to add new capabilities across different industries quickly, said Raviraj Jain, partner at the startup's investor Lightspeed Venture Partners. The two-year-old startup, which has hired staff from Tesla, Nvidia and Meta, raised $300 million in a Series A funding round last year that valued it at $1.5 billion. Its investors include Menlo Ventures, Khosla Ventures, Sequoia Capital and founder Jeff Bezos.
Time of India
an hour ago
- Time of India
DGCA audit finds 263 safety lapses across Indian airlines; Air India tops list
Advt By The Directorate General of Civil Aviation (DGCA), announced on Wednesday, that its regular annual audit has uncovered 263 safety-related lapses across the country's major to Reuters, the audit revealed 51 deficiencies at the Tata-owned Air India, the highest among all carriers, followed by 23 lapses at India's largest airline, IndiGo. The aviation watchdog provided a breakdown for other major airlines, namely, Air India Express with 25 lapses, Vistara 17 lapses and SpiceJet 14 regulator noted that Akasa Air is yet to be its statement, the DGCA clarified that these audits are a routine part of its safety oversight, conducted in line with the requirements of the International Civil Aviation Organisation (ICAO) and global best regulator also cautioned that it is normal for airlines with larger fleet sizes and more extensive operations to have a higher number of audit findings for Air India, which were first reported by Reuters on Tuesday, include a lack of adequate training for some pilots, the use of unapproved flight simulators, and a poor rostering DGCA made it clear that the audit was not connected to the fatal Boeing 787 crash in Ahmedabad last month which killed 260 regulator has categorised the breaches into two levels of severity. A total of 19 lapses across all airlines were classified as Level I, indicating significant safety breaches, while the rest were deemed Level II DGCA did not publicly detail the specific nature of each lapse found at the airlines.>
