Microsoft cyberattack hits 100 organisations, security firms say
Two of the organisations that helped uncover the attack announced their findings on Monday.
On Saturday, Microsoft issued an alert about 'active attacks' on self-hosted SharePoint servers, which are widely used by organisations to share documents and collaborate within others. SharePoint instances run off of Microsoft servers were unaffected.
Dubbed a 'zero-day' because it leverages a previously undisclosed digital weakness, the hacks allow spies to penetrate vulnerable servers and potentially drop a backdoor to secure continuous access to victim organisations.
Vaisha Bernard, the chief hacker at Eye Security, a Netherlands-based cybersecurity firm which discovered the hacking campaign targeting one of its clients on Friday, said that an internet scan carried out with the Shadowserver Foundation had uncovered nearly 100 victims altogether – and that was before the technique behind the hack was widely known.
'It's unambiguous,' Bernard said. 'Who knows what other adversaries have done since to place other backdoors.'
He declined to identify the affected organisations, saying that the relevant national authorities had been notified.
The Shadowserver Foundation confirmed the 100 figure and said that most of those affected were in the United States and Germany and that the victims included government organisations.
Another researcher said that, so far, the spying appeared to be the work of a single hacker or set of hackers.
'It's possible that this will quickly change,' said Rafe Pilling, director of threat intelligence at Sophos, a British cybersecurity firm.
A Microsoft spokesperson said in an emailed statement that it had 'provided security updates and encourages customers to install them'.
It was not clear who was behind the ongoing hack. The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners, but offered no other details. Britain's National Cyber Security Centre said in a statement that it was aware of 'a limited number' of targets in the United Kingdom. A researcher tracking the hacks said that the campaign appeared initially aimed at a narrow set of government-related organisations.
Potential targets
The pool of potential targets remains vast. According to data from Shodan, a search engine that helps to identify internet-linked equipment, more than 8,000 servers online could theoretically have already been compromised by hackers.
Those servers include major industrial firms, banks, auditors, healthcare companies and several US state-level and international government entities.
'The SharePoint incident appears to have created a broad level of compromise across a range of servers globally,' said Daniel Card of British cybersecurity consultancy, PwnDefend.
'Taking an assumed breach approach is wise, and it's also important to understand that just applying the patch isn't all that is required here.'
On Wall Street, Microsoft's stock is about even with the market open as of 3pm in New York (19:00 GMT), up by only 0.06 percent, and has gone up more than 1.5 percent over the last five days of trading.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Al Jazeera
7 hours ago
- Al Jazeera
Cyber kidnapping scams target Chinese international students
101 East investigates cyber kidnappings – a growing online scam targeting Chinese international students. A disturbing 'cyber kidnapping' scam is targeting Chinese students around the world, forcing them to fake their own abductions for ransom. In December 2023, 17-year-old Chinese student Kai Zhuang disappeared in the United States. His family received ransom demands and a photo of him in distress. Days later, he was found hiding in Utah's mountains. Four months earlier, a 22-year-old female student was reported missing in Australia, with her family receiving photos of her bound and bloodied. She was found unharmed within 24 hours. 101 East investigates how cyber criminals use sophisticated methods to coerce Chinese international students into staging kidnappings.
Al Jazeera
12 hours ago
- Al Jazeera
Australia lifts curbs on US beef that angered Trump
Australia has announced that it will lift tough restrictions on beef imports from the United States, removing measures singled out for criticism by US President Donald Trump. Agriculture Minister Julie Collins said the government would remove the biosecurity restrictions after a 'rigorous science and risk-based assessment' found the risks were being effectively managed on the US side. 'Australia stands for open and fair trade – our cattle industry has significantly benefited from this,' Collins said in a statement. Australia, which has some of the world's toughest biosecurity measures, has until now not accepted beef from cattle raised in Canada and Mexico but slaughtered in the US. Canberra lifted a ban on beef from cows raised and slaughtered in the US, introduced in response to an outbreak of mad cow disease, in 2019. The move comes after Trump called out Australia's restrictions on US beef in his April 2 'Liberation Day' announcement of sweeping tariffs on dozens of countries. 'Australia bans – and they're wonderful people and wonderful everything – but they ban American beef,' Trump said. 'They won't take any of our beef,' Trump added. 'They don't want it because they don't want it to affect their farmers and you know, I don't blame them but we're doing the same thing right now starting at midnight tonight, I would say.' Australia, which exports about 70 percent of its beef, is among the main suppliers of red meat to US, but consumes little American beef. Australia exported about 26,000 tonnes of beef and veal to the US in the first three weeks of July, according to government statistics. Meat & Livestock Australia, a producer-owned company that supports the local beef industry, said the changes would have a minimal effect on the market. 'The potential for US beef to be imported into Australia in large volumes is minimal, given the high demand for beef in the US, the low US cattle herd, the strength of the Australian dollar, our competitive domestic supply, and most importantly Australians' strong preference for high-quality, tasty and nutritious Australian beef,' the company said. 'In fact, demand for Australian beef in the US continues to grow. In June 2025, exports to the US rose 24 percent year-on-year, despite a 10 percent tariff introduced in April.'
Al Jazeera
18 hours ago
- Al Jazeera
US court decisions allow for Abrego Garcia's release, bar his deportation
A United States judge has blocked immigration authorities from immediately detaining and deporting Kilmar Abrego Garcia upon his release from jail. The decision was part of a one-two punch on Wednesday, as two courts weighed in on the Maryland father's fate. Abrego Garcia was catapulted into the national spotlight in March after the administration of President Donald Trump wrongfully deported him to his native El Salvador, despite a court order protecting him from removal. His case became emblematic of the early days of Trump's mass deportation drive, with critics accusing the president of taking a slapdash approach that violated the due process of the law. In recent weeks, Abrego Garcia has been held in a Tennessee prison, as the Trump administration pursues criminal charges against him. But in one of Wednesday's twin rulings, US District Judge Waverly Crenshaw in Nashville upheld the finding that Abrego Garcia could be released from jail, rejecting Trump administration claims that he might be a danger or a flight risk. Crenshaw also expressed doubt about the Trump administration's claims that Abrego Garcia is a member of the gang MS-13, citing a lack of evidence. His decision allows Abrego Garcia to potentially be released from detention as he awaits a January trial on human smuggling charges. Still, his release has been once again delayed for a period of 30 days, at the request of Abrego Garcia's lawyers, who fear he could be deported. Simultaneously on Wednesday, a second court hearing was unfolding in Maryland under US District Judge Paula Xinis. She has been hearing arguments about Abrego Garcia's wrongful deportation to El Salvador, as part of a lawsuit filed by his wife, Jennifer Vasquez Sura. Given that Trump officials have signalled they plan to deport Abrego Garcia if he is released, Xinis issued a ruling requiring that immigration officials to give him notice of three business days if they initiate removal proceedings. The Trump administration, Xinis wrote, has 'done little to assure the court that, absent intervention, Abrego Garcia's due process rights will be protected'. Xinis also ordered the government to restore the legal status that Abrego Garcia had previously been under, which allowed him to live and work in Maryland. Abrego Garcia was deported to El Salvador in March, in violation of an immigration judge's 2019 order barring him from being sent back to his home country. His lawyers have maintained that Abrego Garcia fled El Salvador as a teenager to avoid gang threats. The government acknowledged that Abrego Garcia's removal to El Salvador had been the result of an 'administrative error'. Judge Xinis — and later the US Supreme Court — ultimately ruled that the Trump administration had a responsibility to 'facilitate' his return to the US. But the Trump administration doubled down, arguing that Abrego Garcia's removal was lawful and painting him as a member of MS-13. Trump even posted a picture of himself to social media holding a photo of Abrego Garcia's knuckles, with the letters and numbers for 'MS-13' digitally superimposed on each finger, next to real tattoos of a smiley face and marijuana leaf. 'He's got MS-13 tattooed onto his knuckles,' Trump wrote, falsely, on April 18. Judge Xinis had threatened to find the Trump administration in contempt of court for failing to adequately facilitate Abrego Garcia's release, or provide meaningful updates. Officials had argued that they had little power to bring him back, given that he was held in El Salvador. But in early June, the Trump administration abruptly announced Abrego Garcia's return to the US. At the same time, the Justice Department revealed it had obtained an indictment to criminally charge Abrego Garcia. At the centre of the government's case is a video from a November 2022 traffic stop, showing Abrego Garcia driving a Chevrolet Suburban SUV with three rows of seats. A police officer heard in the footage speculates that the nine passengers could be involved in human smuggling, but no charges were brought at that time. His lawyers have dismissed the government's case as 'preposterous'. Still, before Xinis's ruling, the lawyers had requested Abrego Garcia remain in custody as he awaits trial, for fear that he might be immediately deported if released. While Abrego Garcia cannot be sent to El Salvador again, the Trump administration has maintained he can be legally deported to a third country, even one where he has no personal ties. Last month, the US Supreme Court ruled that the Trump administration could, at least in the short term, continue to deport individuals to such third-party countries while legal challenges proceed against the practice. Some of those third-party countries have included South Sudan and Eswatini, formerly known as Swaziland, both of which have faced accusations of human rights abuses in their prisons. A spokeswoman for the Department of Homeland Security took to the social media platform X on Wednesday to criticise Xinis's latest ruling. 'The fact this unhinged judge is trying to tell ICE [Immigration and Customs Enforcement] they can't arrest an MS-13 gang member, indicted by a grand jury for human trafficking, and subject to immigration arrest under federal law is LAWLESS AND INSANE,' spokesperson Tricia McLaughlin wrote, reiterating unproven claims. Abrego Garcia's lawyers, however, applauded Wednesday's court decisions. 'These rulings are a powerful rebuke of the government's lawless conduct and a critical safeguard for Kilmar's due process rights,' lawyer Simon Sandoval-Moshenberg said in a statement.
