Microsoft server hack hit about 100 victims, researchers say
Microsoft on Saturday issued an alert about "active attacks" on self-managed SharePoint servers, which are widely used by government agencies and businesses to share documents within organisations.
Dubbed a "zero-day" because it leverages a previously undisclosed digital weakness, the hacks allow spies to penetrate vulnerable servers and potentially drop a backdoor to secure continuous access to victim organizations.
Vaisha Bernard, the chief hacker at Eye Security, a Netherlands-based cybersecurity firm, which discovered the hacking campaign targeting one of its clients on Friday, said that an internet scan carried out with the Shadowserver Foundation had uncovered nearly 100 victims altogether - and that was before the technique behind the hack was widely known.
"It's unambiguous," Bernard said. "Who knows what other adversaries have done since to place other backdoors."
He declined to identify the affected organizations, saying that the relevant national authorities had been notified.
The Shadowserver Foundation confirmed the 100 figure and said that most of those affected were in the United States and Germany and that the victims included government organizations.
Another researcher said that, so far, the spying appeared to be the work of a single hacker or set of hackers.
"It's possible that this will quickly change," said Rafe Pilling, director of Threat Intelligence at Sophos, a British cybersecurity firm.
Microsoft said it had "provided security updates and encourages customers to install them," a company spokesperson said in an emailed statement.
It was not clear who was behind the ongoing hack. The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners, but offered no other details. Britain's National Cyber Security Center said in a statement that it was aware of "a limited number" of targets in the United Kingdom.
According to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers.
Those servers include major industrial firms, banks, auditors, healthcare companies, and several U.S. state-level and international government entities.
"The SharePoint incident appears to have created a broad level of compromise across a range of servers globally," said Daniel Card of British cybersecurity consultancy, PwnDefend.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
CNA
10 hours ago
- CNA
Trump, Carney to speak soon over tariffs, Canadian official says
WASHINGTON: President Donald Trump and Canadian Prime Minister Mark Carney will likely talk "over the next number of days" after the US imposed a 35 per cent tariff on goods not covered by the US-Mexico-Canada trade agreement, a Canadian official said on Sunday (Aug 3). Dominic LeBlanc, the federal cabinet minister in charge of US-Canada trade, told CBS News' "Face the Nation" that he believes there is an option of striking a deal that will bring down tariffs. "We're encouraged by the conversations with Secretary Lutnick and Ambassador Greer, but we're not yet where we need to go to get the deal that's in the best interest of the two economies," LeBlanc said, referring to US Commerce Secretary Howard Lutnick and US Trade Representative Jamieson Greer. The trade minister said he expected Carney and Trump to speak "over the next number of days." "We think there is an option of striking a deal that will bring down some of these tariffs provide greater certainty to investment," LeBlanc said. Washington linked Friday's tariff announcement in part to what it said was Canada's failure to stop fentanyl smuggling. It was the latest blow in a months-long tariff war, which Trump initiated shortly after returning to power this year.
Business Times
16 hours ago
- Business Times
The AI race has big tech spending US$344 billion this year
[LONDON] If there's any lesson to take from the spending plans issued by the world's largest technology companies over the past two weeks, it's to never underestimate the fear of missing out. Microsoft, which set a US$24.2 billion capital spending record last quarter, plans to drop upwards of US$30 billion in the current period. similarly spent US$31.4 billion last quarter, almost double what it dropped a year ago, and is maintaining that level of investment. Google owner Alphabet raised its capital expenditures guidance this year to US$85 billion. Then there's Meta Platforms: The social networking giant lifted the low end of its forecast for 2025 capital expenditures and projected that costs will continue to grow at an even faster pace next year. Altogether, the four companies are expected to spend more than US$344 billion for the year, with much of it going to the data centres necessary to run artificial intelligence (AI) models. 'We have basically tripled capex investment in cloud due to AI,' Bloomberg Intelligence analyst Mandeep Singh said. The emphasis from virtually every company executive during this earnings season was on investing as quickly as possible to get ahead. 'We need the teams to execute at their very best to get the capacity in place as quickly and effectively as they can,' Microsoft chief financial officer Amy Hood told analysts in a call on Wednesday. Susan Li, Meta's CFO, said the goal of its own spend is to secure the advantage 'in developing the best AI models'. BT in your inbox Start and end each day with the latest news stories and analyses delivered straight to your inbox. Sign Up Sign Up Wall Street's response has been mixed. Meta was rewarded – in large part because the company posted a strong second-quarter sales beat and issued a rosy revenue forecast, signalling that the billions it's spending on AI are paying off. 'On advertising, the strong performance this quarter is largely thanks to AI unlocking greater efficiency and gains across our ad system,' chief executive officer Mark Zuckerberg said on an analyst call. Zuckerberg has plans to build several massive data centres and has been luring top AI researchers with compensation packages valued at hundreds of millions of US dollars. The company recently restructured its internal AI division, now referred to as Meta Superintelligence Labs, in an effort to build human-level AI capabilities and apply that technology across its products. Shares of the company have gained more than 8 per cent since it reported earnings on Wednesday. Amazon, on the other hand, failed to convince investors that its lavish spending has been worth it. The stock was down as much as 8.1 per cent on Friday after the company reported tepid sales from its cloud division. The results were 'especially disappointing' given the strong performance from Google's and Microsoft's own cloud services, according to Bloomberg Intelligence (BI). And the ongoing capital costs will not help. The operating margin for Amazon's cloud unit will continue to face pressure 'through 2026 as capital spending ramps up', BI analysts Poonam Goyal and Anurag Rana said. Alphabet's shares are essentially unchanged from last week when it reported earnings and issued guidance. The company raised its capital expenditures outlook by US$10 billion and expects to ramp up spending even more in 2026. chief executive officer Sundar Pichai explained that the investments are necessary to keep up with customer demand. 'Obviously, we are seeing strong momentum across our portfolio, and especially in cloud,' Pichai told analysts in a call on Jul 23. 'It's a tight supply environment, and we are investing more to expand.' Nikhil Lai, an analyst at Forrester, put it another way: If Google wants to keep up with rivals, he said, it has little choice but to follow suit: 'Google's hand is forced by OpenAI to spend tremendously on AI's infrastructure and applications.' Microsoft tied its AI investments directly to a 39 per cent jump in sales for its Azure cloud-computing division, which came in ahead of analysts' estimates. 'We continue to lead the AI infrastructure wave and took share every quarter this year,' chief executive officer Satya Nadella said in a call with analysts on Jul 30. 'In Microsoft's case, the returns are good,' Gil Luria, an analyst with DA Davidson, said. The only question now is whether Microsoft's customers are in turn seeing a decent return on investment, he said. 'That's where the test will be,' he said. 'If they don't, they are not going to increase that spend next year.' Apple's capital plans pale in comparison to its big tech peers. But the iPhone maker did raise its spending estimates, tying much of the increase to AI efforts. Apple's property, plant and equipment investments totalled US$9.47 billion in the nine months ended Jun 28, up nearly 45 per cent from a year ago. 'You are going to continue to see our capex grow,' chief financial officer Kevan Parekh told analysts on Thursday. 'It's not going to be exponential growth, but it is going to grow, substantially. And a lot of that's a function of the investments we are making in AI.' BLOOMBERG
CNA
a day ago
- CNA
US agency probes special counsel who prosecuted Trump: Report
WASHINGTON: US officials have opened an investigation into Jack Smith, the former special counsel who led two federal criminal cases against President Donald Trump, US media reported on Saturday (Aug 2). The Office of Special Counsel told The New York Times it was investigating Smith for potentially violating the Hatch Act, which prohibits federal workers from engaging in political activity while on the job. Republican Senator Tom Cotton had reportedly asked the agency to investigate whether Smith's actions had been designed to influence the 2024 US elections. The agency, which monitors the conduct of federal employees, did not immediately respond to request for comment by AFP. Smith was appointed special counsel in 2022, and charged Trump with plotting to overturn the results of the 2020 election and mishandling classified documents after leaving the White House. Trump denied both charges and sought to frame them as politically motivated, accusing the Justice Department of being weaponised against him. Neither case ever came to trial, and the special counsel - in line with a Justice Department policy of not prosecuting a sitting president - dropped them both after Trump won the November 2024 presidential election. Smith then resigned before Trump could fulfil his campaign pledge to fire him. The Office of Special Counsel operates separately from special counsel offices at the Department of Justice, such as the one headed by Smith. The prosecutorial decisions made by Smith do not typically fall under its remit, according to the Times. It cannot lay criminal charges against Smith but could refer its findings to the Department of Justice, which does have that power. The most severe penalty under the Hatch Act is termination of employment, which would not apply to Smith as he has already resigned. Since taking office in January, Trump has taken a number of punitive measures against his perceived enemies. He has stripped former officials of their security clearances and protective details, targeted law firms involved in past cases against him and pulled federal funding from universities. Last month, the Federal Bureau of Investigation (FBI) opened criminal investigations into its former director James Comey and ex-Central Intelligence Agency (CIA) chief John Brennan, two prominent Trump critics.
