Microsoft server hack hit about 100 organisations, researchers say
Microsoft on Saturday issued an alert about 'active attacks' on self-hosted SharePoint servers, which are widely used by organisations to share documents and collaborate within organisations. SharePoint instances run off of Microsoft servers were unaffected.
Dubbed a 'zero-day' because it leverages a previously undisclosed digital weakness, the hacks allow spies to penetrate vulnerable servers and potentially drop a backdoor to secure continuous access to victim organisations.
Vaisha Bernard, the chief hacker at Eye Security, a Netherlands-based cybersecurity firm, which discovered the hacking campaign targeting one of its clients on Friday, said that an Internet scan carried out with the Shadowserver Foundation had uncovered nearly 100 victims altogether – and that was before the technique behind the hack was widely known.
'It's unambiguous,' Bernard said. 'Who knows what other adversaries have done since to place other backdoors.'
He declined to identify the affected organisations, saying that the relevant national authorities had been notified.
BT in your inbox
Start and end each day with the latest news stories and analyses delivered straight to your inbox.
Sign Up
Sign Up
The Shadowserver Foundation confirmed the 100 figure. It said most of those affected were in the United States and Germany, and the victims included government organisations.
Another researcher said that, so far, the spying appeared to be the work of a single hacker or set of hackers.
'It's possible that this will quickly change,' said Rafe Pilling, director of Threat Intelligence at Sophos, a British cybersecurity firm.
Microsoft said it had 'provided security updates and encourages customers to install them', a company spokesperson said in an e-mailed statement.
It was not clear who was behind the ongoing hack, but Alphabet's Google, which has visibility into wide swaths of Internet traffic, said it tied at least some of the hacks to a 'China-nexus threat actor'.
The Chinese Embassy in Washington did not immediately respond to a message seeking comment; Beijing routinely denies carrying out hacking operations.
The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners, but offered no other details. Britain's National Cyber Security Center said in a statement that it was aware of 'a limited number' of targets in the United Kingdom. A researcher tracking the campaign said that the campaign appeared initially aimed at a narrow set of government-related organisations.
The pool of potential targets remains vast. According to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers. Shadowserver put the number at a little more than 9,000, while cautioning that the figure was a minimum.
Those servers include major industrial firms, banks, auditors, healthcare companies, and several US state-level and international government entities.
'The SharePoint incident appears to have created a broad level of compromise across a range of servers globally,' said Daniel Card of British cybersecurity consultancy PwnDefend.
'Taking an assumed breach approach is wise, and it's also important to understand that just applying the patch isn't all that is required here.' REUTERS
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Business Times
10 minutes ago
- Business Times
TikTok launches crowd-sourced debunking tool in US
[WASHINGTON] TikTok on Wednesday rolled out a crowd-sourced debunking system in the United States, becoming the latest tech platform to adopt a community-driven approach to combating online misinformation. Footnotes, a feature that the popular video-sharing app began testing in April, allows vetted users to suggest written context for content that might be wrong or misleading - similar to Community Notes on Meta and X. 'Footnotes draws on the collective knowledge of the TikTok community by allowing people to add relevant information to content,' Adam Presser, the platform's head of operations and trust and safety, said in a blog post. 'Starting today, US users in the Footnotes pilot programme can start to write and rate footnotes on short videos, and our US community will begin to see the ones rated as helpful -- and rate them, too,' he added. TikTok said nearly 80,000 US-based users, who have maintained an account for at least six months, have qualified as Footnotes contributors. The video-sharing app has some 170 million US users. TikTok said the feature will augment the platform's existing integrity measures such as labeling content that cannot be verified and partnering with fact-checking organisations, such as AFP, to assess the accuracy of posts on the platform. BT in your inbox Start and end each day with the latest news stories and analyses delivered straight to your inbox. Sign Up Sign Up The crowd-sourced verification system was popularised by Elon Musk's platform X, but researchers have repeatedly questioned its effectiveness in combating falsehoods. Earlier this month, a study found more than 90 per cent of X's Community Notes are never published, highlighting major limits in efficacy. The Digital Democracy Institute of the Americas (DDIA) study analysed the entire public dataset of 1.76 million notes published by X between January 2021 and March 2025. TikTok cautioned it may take some time for a footnote to become public, as contributors get started and become more familiar with the feature. 'The more footnotes get written and rated on different topics, the smarter and more effective the system becomes,' Presser said. Tech platforms increasingly view the community-driven model as an alternative to professional fact-checking. Earlier this year, Meta ended its third-party fact-checking programme in the United States, with chief executive Mark Zuckerberg saying it had led to 'too much censorship.' The decision was widely seen as an attempt to appease President Donald Trump, whose conservative base has long complained that fact-checking on tech platforms serves to curtail free speech and censor right-wing content. Professional fact-checkers vehemently reject the claim. As an alternative, Zuckerberg said Meta's platforms, Facebook and Instagram, would use 'Community Notes.' Studies have shown Community Notes can work to dispel some falsehoods, like vaccine misinformation, but researchers have long cautioned that it works best for topics where there is broad consensus. Some researchers have also cautioned that Community Notes users can be motivated to target political opponents by partisan beliefs. AFP
Business Times
40 minutes ago
- Business Times
Robinhood tops profit expectations as trading frenzy sweeps across asset classes
[BENGALURU] Robinhood Markets exceeded second-quarter profit estimates on Wednesday (Jul 30), driven by a massive surge in volumes as investors traded options, crypto and stocks. The strong results add to a run of recent successes for the Menlo Park, California-based online brokerage, which has been aggressively rolling out new products to expand beyond its core user base and become a more integral part of customers' financial routines. They also underscore the resilience of retail investors, who have stayed active despite tariff-related turbulence, and highlight their key role in the current financial landscape. 'When the market drops, our customers tend to lean in and buy. It feels like there's more room for retail engagement from here,' chief financial officer Jason Warnick said, adding that the momentum had carried into July. The company more than doubled its profit to US$386 million, or 42 US cents per share, for the three months ended Jun 30. Analysts were expecting 31 US cents per share, according to data compiled by LSEG. Transaction-based revenues increased 65 per cent to US$539 million from last year. Crypto revenue jumped 98 per cent, options soared 46 per cent and equities climbed 65 per cent. BT in your inbox Start and end each day with the latest news stories and analyses delivered straight to your inbox. Sign Up Sign Up Shares rose 1.6 per cent after market close. They have nearly tripled so far this year, compared with a 9 per cent gain in the Nasdaq composite index. Expansion drive Robinhood is rapidly establishing itself as a major force across asset classes, evolving beyond its origins as a stock-trading app. But the expansion has faced hurdles. Last month, it launched tokens allowing users in the European Union to trade US-listed stocks, alongside a limited offering providing exposure to private companies such as OpenAI and SpaceX. OpenAI pushed back, arguing that it did not endorse the tokens. Still, Robinhood CEO Vlad Tenev called tokenisation 'the biggest innovation our industry has seen in the past decade'. Earlier this month, Robinhood was also floated as a potential candidate to be included in the S&P 500 index. Such a move typically lifts the stock by triggering buying from funds that track the index. But the spot eventually went to Datadog, a cloud security firm worth US$52 billion. 'It's flattering to be in the conversation,' Warnick said. 'It's a really strong signal that we have been on the right track. But it's not something I'm distracted by at all.' Robinhood has cemented its hold in areas of consumer finance beyond trading. It launched a credit card for its Gold subscribers last year, and has since added a wealth management service with fee caps for those users. The expanded lineup has made the premium subscription more attractive, driving a 76 per cent increase to 3.5 million users. REUTERS
CNA
42 minutes ago
- CNA
Microsoft to spend record $30 billion this quarter as AI investments pay off
Microsoft forecast on Wednesday a record $30 billion in capital spending for the current fiscal first quarter, after booming sales in its Azure cloud computing business showcased the growing returns on its massive bets on artificial intelligence. Shares of the software company rose 9 per cent in extended trading after it said Azure sales surpassed $75 billion on an annual basis, the first time it has disclosed that figure, beating expectations for $74.62 billion. Microsoft's higher-than-expected capital expenditure forecast - its largest ever for a single quarter - put it on track to potentially outspend its rivals over the next year. It came after Google said it would spend more on data centers to meet demand for AI services, and Meta projected higher sales with only modest increases in spending. The trio of results could help resolve investor questions about whether Big Tech is benefiting from its massive data center buildout, with capital spending to reach $330 billion this year. Microsoft and Meta's results helped fuel a $500-billion gain in AI stocks. "I feel very good that the spend that we're making is correlated to basically contracted, on-the-books business that we need to deliver," Microsoft Chief Financial Officer Amy Hood said on a conference call with investors. Microsoft's cloud business still trails market leader Amazon Web Services, which had a head start in cloud computing and brought in $107.56 billion in its most recent fiscal year. But investors said Microsoft's new revenue figure indicates its investments are translating to increased sales. "Now that Microsoft's disclosing that number, it's really just helping justify the huge investments," said Dave Wagner, portfolio manager at Aptus Capital Advisors, which holds Microsoft shares. Rival Alphabet's earnings also showed last week that AI spending was rising, but so were the returns, as it beat revenue estimates and lifted its outlay forecast by $10 billion. Microsoft said Azure revenue jumped 39 per cent in the June quarter, more than the average analyst estimate of 34.75 per cent, according to Visible Alpha. The company said it expects growth of 37 per cent for the current quarter, beating analyst estimates of 33.5 per cent, according to Visible Alpha data. Microsoft has said the spending is crucial to overcoming supply constraints that have hampered its ability to meet soaring AI demand. The fiscal first-quarter capital expenditure estimate of $30 billion surpassed analysts' expectations of $23.75 billion, according to Visible Alpha data. In the just-ended fiscal fourth quarter, capital spending rose 27 per cent to $24.2 billion, compared with estimates of $23.08 billion, per Visible Alpha. Microsoft said its Copilot AI tools had surpassed 100 million monthly active users, the first time it has provided such a figure. Google has said rival Gemini has 450 million active users. Overall revenue rose 18 per cent to $76.4 billion in the April-June period, Microsoft's fiscal fourth quarter. Analysts on average expected $73.81 billion, according to data compiled by LSEG. LONGER-LIVED ASSETS Microsoft said its capital spending trended slightly toward longer-lived assets such as data centers, after it previously told investors the mix would shift toward shorter-lived assets such as chips over its 2026 fiscal year. Jonathan Neilson, Microsoft's vice president of investor relations, said that guidance does not mean that Microsoft will not continue to invest in longer-lived assets when capacity is needed to meet demand. "We are going to absolutely invest against that," Neilson said in an interview. The company has emerged as an early leader in making money from AI thanks to its exclusive access to OpenAI's technology. The tie-up has helped attract scores of businesses to its cloud service and allowed Microsoft to swiftly roll out AI products such as its M365 Copilot AI assistant for enterprises. "The bar was set really high. And my impression is they delivered ... They were able to execute in a very demanding environment," said Dan Morgan, portfolio manager at Synovus Trust, which owns Microsoft shares. Microsoft is just $200 billion short of becoming only the second company to hit a $4-trillion valuation, with its shares up about 20 per cent this year. But investor doubts have risen about the OpenAI tie-up as the companies renegotiate the deal and the startup shifts some workloads to rivals, including Google and Oracle. Media reports have said the two are at a deadlock over how much access Microsoft will retain to OpenAI's tech and its stake if OpenAI converts into a public-benefit corporation. Microsoft has tried to reduce its reliance on OpenAI by developing in-house AI technology and broadening its model lineup with partners such as xAI, Meta, and France's Mistral, hosting their models on Azure for clients.
