Global Hack on Microsoft Hits US State Agencies
Microsoft on Saturday issued an alert about 'active attacks' on self-hosted SharePoint servers, which are widely used by organizations to share documents and collaborate within organizations. SharePoint instances run off of Microsoft servers were unaffected.
The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners, but offered no other details.
The 'zero-day' attack, so called because it targeted a previously unknown vulnerability, is only the latest cybersecurity embarrassment for Microsoft.
Last year, the company was faulted by a panel of US government and industry experts for lapses that enabled a 2023 targeted Chinese hack of US government emails, including those of then-Commerce Secretary Gina Raimondo.
This most recent attack compromises only those servers housed within an organization — not those in the cloud, such as Microsoft 365, officials said.
After first suggesting that users make modifications to or simply unplug SharePoint server programs from the internet, the company on Sunday evening released a patch for one version of the software.
Two other versions remain vulnerable and Microsoft said it is continuing to work to develop a patch.
Microsoft updated its guidance Sunday with instructions to fix the problem for SharePoint Server 2019 and SharePoint Server Subscription Edition. Engineers were still working on a fix for the older SharePoint Server 2016 software.
'Anybody who's got a hosted SharePoint server has got a problem,' said Adam Meyers, senior vice president with CrowdStrike, a cybersecurity firm. 'It's a significant vulnerability.'
Pete Renals, a senior manager with Palo Alto Networks' Unit 42 said, 'We are seeing attempts to exploit thousands of SharePoint servers globally before a patch is available. We have identified dozens of compromised organizations spanning both commercial and government sectors.''
With access to these servers, which often connect to Outlook email, Teams and other core services, a breach can lead to theft of sensitive data as well as password harvesting, Netherlands-based research company Eye Security noted, according to The Washington Post.
What's also alarming, researchers said, is that the hackers have gained access to keys that may allow them to regain entry even after a system is patched.
'So pushing out a patch on Monday or Tuesday doesn't help anybody who's been compromised in the past 72 hours,' said one researcher, who spoke on the condition of anonymity because a federal investigation is ongoing.
It was not immediately clear who is behind the hacking of global reach or what its ultimate goal is.
One private research company found the hackers targeting servers in China as well as a state legislature in the eastern United States. Eye Security said it has tracked more than 50 breaches, including at an energy company in a large state and several European government agencies.
Others that were breached included a government agency in Spain, a local agency in Albuquerque and a university in Brazil, security researchers said.
One state official in the eastern US said the attackers had 'hijacked' a repository of documents provided to the public to help residents understand how their government works. The agency involved can no longer access the material, but it wasn't clear whether it was deleted.
Some security companies said they had not seen deletions in the SharePoint attacks, only the theft of cryptographic keys that would allow the hackers to reenter the servers.
CISA spokesperson Marci McCarthy said the agency was alerted to the issue Friday by a cyber research firm and immediately contacted Microsoft.
Microsoft has been faulted in the past for issuing fixes that are too narrowly designed and leave similar avenues open to attack.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Arab News
an hour ago
- Arab News
Chinese firm eyes investment in Pakistan's ICT, new energy sectors — ministry
ISLAMABAD: GuoDong Group, a leading Chinese communications firm, has expressed 'strong interest' in investment in Pakistan's information and communication technology (ICT) and new energy sectors, the Pakistani IT ministry said on Sunday. The statement came after a meeting between Pakistan's IT Minister Shaza Fatima Khawaja and a three-member GuoDong Group delegation, led by its founder and chairman Lu Jie in Shanghai. The meeting took place on the sidelines of the Global Artificial Intelligence Conference, at which both sides discussed investment opportunities in Pakistan, according to the Pakistani IT ministry. 'The delegation expressed strong interest in investing in Pakistan's ICT sector, with a focus on telecommunication towers, data centers, and cloud computing infrastructure,' the Pakistani ministry said in a statement. 'Mr. Lu Jie also conveyed interest in expanding to new energy domains, including EV charging stations, smart city solutions, and advanced material manufacturing within Pakistan.' The development comes as Pakistan, slowly recovering from a macroeconomic crisis under a $7 billion International Monetary Fund (IMF) deal, has been looking to boost foreign investment for sustainable growth. In May, the Pakistani government allocated 2,000 megawatts (MW) of electricity in the first phase of a national initiative to power cryptocurrency mining and Artificial Intelligence (AI) data centers. The South Asian country is also looking to build critical electric vehicle (EV) charging infrastructure as it targets 30 percent of all new vehicle sales to be electric by 2030 under its ambitious New Electric Vehicle Policy (NEVP) 2025–2030. Welcoming the proposals, Khawaja invited the GuoDong Group officials to visit Pakistan for more detailed discussions with relevant stakeholders. 'She assured the delegation of the Government's full support and facilitation to help realize these investment initiatives,' the IT ministry said.
Al Arabiya
an hour ago
- Al Arabiya
Trump says EU and US have ‘reached a deal' on trade
US President Donald Trump said Sunday that he had reached a trade agreement with European Union chief Ursula von der Leyen. 'We have reached a deal. It's a good deal for everybody,' Trump told reporters after talks with von der Leyen at his golf resort in Turnberry, Scotland. The EU chief also hailed it as a 'good deal.'
Arab News
2 hours ago
- Arab News
Bangladesh orders 25 Boeing planes as part of push to ease US tariffs
DHAKA: Bangladesh has ordered 25 aircraft from Boeing and ramped up imports of key American goods in an effort to defuse trade tensions and bring down the steep tariffs imposed by the Trump administration, a senior official said on Sunday. The moves are part of a broader strategy to narrow a $6 billion US trade deficit with Bangladesh and avoid a looming 35 percent tariff hike that has rattled the country's export sector, especially the garments industry which risks losing competitiveness in one of its largest markets. 'We need new aircraft urgently, possibly within the next couple of years,' Commerce Secretary Mahbubur Rahman told reporters. 'Initially, it was 14 planes — now it's 25,' he said, referring to an earlier plan to purchase aircraft from the US-based manufacturer. Alongside the aircraft deal, Bangladesh is boosting imports of wheat, soybean oil and cotton from the United States. A new agreement signed earlier this month will see the country import 700,000 tons of US wheat annually over the next five years. Officials hope that these steps will help improve trade relations with Washington and soften the impact of the Trump administration's tariff measures.
