Microsoft server hack hit 100 organisations: analysts
Microsoft on Saturday issued an alert about "active attacks" on self-hosted SharePoint servers, which are widely used by organisations to share documents and collaborate within organisations.
SharePoint instances run off of Microsoft servers were unaffected.
Dubbed a "zero-day" because it leverages a previously undisclosed digital weakness, the hacks allow spies to penetrate vulnerable servers and potentially drop a backdoor to secure continuous access to victim organisations.
❗ ALERT ❗ ASD's ACSC is aware of a vulnerability affecting instances of Microsoft Office SharePoint Server products. Organisations should take immediate action 👉 https://t.co/HB1ATIHewP pic.twitter.com/qqefoLyMb7
— Australian Signals Directorate (@ASDGovAu) July 20, 2025
Vaisha Bernard, the chief hacker at Eye Security, a Netherlands-based cybersecurity firm, which discovered the hacking campaign targeting one of its clients on Friday, said that an internet scan carried out with the Shadowserver Foundation had uncovered nearly 100 victims altogether - and that was before the technique behind the hack was widely known.
"It's unambiguous," Bernard said.
"Who knows what other adversaries have done since to place other backdoors."
He declined to identify the affected organisations, saying that the relevant national authorities had been notified.
The Shadowserver Foundation confirmed the 100 figure and said that most of those affected were in the United States and Germany and that the victims included government organisations.
Another researcher said that, so far, the spying appeared to be the work of a single hacker or set of hackers.
"It's possible that this will quickly change," said Rafe Pilling, director of Threat Intelligence at Sophos, a British cybersecurity firm.
Microsoft said it had "provided security updates and encourages customers to install them," a company spokesperson said in an emailed statement.
It was not clear who was behind the ongoing hack.
The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners but offered no other details.
The UK National Cyber Security Centre said in a statement that it was aware of "a limited number" of targets in the United Kingdom.
A researcher tracking the campaign said that the campaign appeared initially aimed at a narrow set of government-related organisations.
The pool of potential targets remains vast.
According to data from Shodan, a search engine that helps to identify internet-linked equipment, more than 8000 servers online could theoretically have already been compromised by hackers.
Those servers include major industrial firms, banks, auditors, healthcare companies and several US state-level and international government entities.
"The SharePoint incident appears to have created a broad level of compromise across a range of servers globally," Daniel Card of UK cybersecurity consultancy PwnDefend said.
"Taking an assumed breach approach is wise, and it's also important to understand that just applying the patch isn't all that is required here."
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
28 minutes ago
- Yahoo
How ethereum rose to become a mainstream cryptocurrency
The Ether Machine, a new crypto venture formed through the merger of Ether Reserve and Dynamix Corporation (DYNX), is preparing to go public after raising over 400,000 ether (ETH-USD), equivalent to $1.5 billion, offering the public a new way to access cryptocurrency yields. The news came after a week when the ethereum cryptocurrency surged by over 20%, leading some to predict that it could pass $4,000 and sending long-term predictions into the $10,000s. Ether Machine isn't the first firm to do this. BitMine Immersion Technologies (BMNR), chaired by Fundstrat's Tom Lee, announced plans to begin stockpiling ether back in late June. SharpLink Gaming (SBET), a Nasdaq-listed sports-betting technology company, made a similar move in late May when it named Ethereum co-founder Joseph Lubin as its new chairman. Further adoption of the blockchain into the mainstream in recent months has supported ethereum's rise, including Robinhood's (HOOD) introduction of ethereum staking in the US and the passage of the stablecoin-focused GENIUS bill through the US Senate. Here's what to know about ethereum and what sets it apart from other blockchains. What sets ethereum apart? Ethereum is a decentralized blockchain platform that hosts programmable contracts and other cryptocurrencies. Its native crypto token, named ether but sometimes referred to as ethereum, is now the second-largest cryptocurrency by market cap, topped only by bitcoin (BTC-USD). A 'blockchain' is a digital record of transactions and other data. New 'blocks,' or batches of validated records, are added onto the publicly accessible chain, referencing previous ones, so that anyone using a blockchain agrees on the current state of finalized transactions. 'Transactions are entered, and then they are immutable," Algorand Foundation CEO Staci Warden told Yahoo Finance. "It is about integrity. You know when something is entered, nobody else can mess around with it.' In addition to ether and other popular cryptocurrencies, over 50% of all stablecoins in circulation are hosted on ethereum, and the platform can also be used to exchange NFTs and more, according to Galaxy. One major difference in how these transactions take place on ethereum compared to the bitcoin blockchain is that ethereum includes functionality for users to create and use so-called smart contracts. Smart contracts are programs that can execute financial operations when conditions are met, often used to develop applications known as decentralized finance or DeFi apps. These 'dapps' offer a variety of financial services without the middleman of traditional financial institutions. For example, a smart contract could be set up to automatically initiate a purchase once a cryptocurrency hits a certain price. For some, the fact that smart contracts can't be altered once put on the blockchain and that they operate based on code instead of being manually performed by an individual or institution are benefits of the system. How it began Ethereum launched on July 30, 2015, as 'Frontier' after raising $18 million in an initial coin offering (ICO) the year prior. The release followed a period when ethereum encouraged users to stress-test the blockchain by offering a prize of 25,000 ether. In 2016, ethereum network participants attacked a decentralized autonomous organization, or DAO, which had raised ether through crowdfunding. The users targeted a vulnerability in DAO's smart contracts and stole over $50 million worth of ether. To reverse the attack, ethereum created a controversial 'hard fork,' in which they rolled back the blockchain's history to before the theft. While most adopted this new blockchain, some refused and stuck with what is now known as Ethereum Classic. Since then, ethereum has continued rolling out updates, including a series known as 'The Merge' conducted in 2022. With it, ethereum switched from using proof-of-work for blockchain consensus to proof-of-stake, separating it from peers like bitcoin. Proof-of-work blockchains function through the work of 'miners,' or specialized computers that contribute computational power to validate transactions using cryptography. Miners are rewarded with newly issued cryptocurrency for the amount of computing power they contribute to verifying transactions. Under the proof-of-stake system, however, security comes from users locking a certain amount of the cryptocurrency they own into a smart contract as collateral before they can be selected to add new blocks of validated transactions to the blockchain. According to the Ethereum Foundation, this switch alone cut the platform's energy consumption by 99.5%, and co-founder Vitalik Buterin claimed that it would reduce the world's energy consumption by 0.2%. 'With climate concerns and ESG-investing remaining a major topic for institutional investors, ethereum's drastic energy reduction could open doors for additional capital flows and longer-term sustainability,' Tom Dunleavy, a senior research analyst with Messari, told Yahoo Finance. Broader adoption Since its launch, ethereum has drawn attention from investors and organizations alike. Visa (V) began settling transactions using the USD Coin (USDC-USD) stablecoin on the ethereum blockchain in 2021. 'The announcement today marks a major milestone in our ability to address the needs of fintechs managing their business in a stablecoin or cryptocurrency,' Visa chief product officer Jack Forestell said. 'It's really an extension of what we do every day, securely facilitating payments in all different currencies all across the world.' More recently, with stablecoin legislation passing this June, Wall Street executives, including JPMorgan Chase (JPM) CEO Jamie Dimon and Citigroup (C) CEO Jane Fraser, have indicated interest in working with crypto assets. Public figures have also joined the movement to adopt crypto. In February, Eric Trump posted to X, saying, 'In my opinion, it's a great time to add $ETH.' His words reflect a presidential administration that has been supportive of cryptocurrency. President Trump's Media & Technology Group filed to list an ETF that included ether, and the president celebrated the passage of the GENIUS Act on Truth Social. 'HAPPY CRYPTO WEEK!' Trump posted last week. 'This is our moment — Digital Assets, GENIUS, Clarity!' David Hollerith contributed to this post. — Nina is a data reporting intern for Yahoo Finance.
Yahoo
28 minutes ago
- Yahoo
Dogs of the Dow: Why Procter & Gamble (PG) is a Pillar of Dividend Stability
The Procter & Gamble Company (NYSE:PG) is included among the 11 Dogs of the Dow Dividend Stocks to Buy Now. A happy couple viewing the products of this household and personal product company in a mass merchandiser store. The Procter & Gamble Company (NYSE:PG) owns several leading consumer brands like Pampers and Tide— products that are considered essentials for many households. While there's always a possibility that consumers could opt for cheaper, generic alternatives, recent sales figures don't indicate any major shift in buying behavior that would pose a serious threat to the business. The Procter & Gamble Company (NYSE:PG) is considered one of the most reliable dividend stocks in the market. Its stability comes from a wide range of top-tier brands in areas like beauty, health, grooming, home care, and family care. Thanks to strong customer loyalty and an efficient global supply chain, the company regularly posts profit margins that outperform many competitors. The Procter & Gamble Company (NYSE:PG)'s long-standing financial strength is further proven by its impressive 69 consecutive years of dividend increases, which is one of the longest growth streaks among publicly traded companies. On July 8, the company declared a quarterly dividend of $1.0568 per share, in line with its previous dividend. With a dividend yield of 2.67% as of July 26, PG is among the best dogs of the Dow. While we acknowledge the potential of PG as an investment, we believe certain AI stocks offer greater upside potential and carry less downside risk. If you're looking for an extremely undervalued AI stock that also stands to benefit significantly from Trump-era tariffs and the onshoring trend, see our free report on the best short-term AI stock. READ NEXT: and Disclosure: None.
CNN
30 minutes ago
- CNN
On GPS: Bill Gates on navigating the future of AI
This week, the White House announced its plan to make America the world leader in artificial intelligence — largely by scaling back regulations. Fareed sits down with Microsoft cofounder and philanthropist Bill Gates to talk about how he sees the present and future of AI.
