Microsoft alerts businesses, governments to server software attack
The FBI on Sunday said it is aware of the attacks and is working closely with its federal and private-sector partners, but offered no other details.
In an alert issued on Saturday, Microsoft said the vulnerabilities apply only to SharePoint servers used within organisations. It said that SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the attacks.
The Washington Post, which first reported the hacks, said unidentified actors in the past few days had exploited a flaw to launch an attack that targeted US and international agencies and businesses.
The hack is known as a 'zero day' attack because it targeted a previously unknown vulnerability, the newspaper said, quoting experts. Tens of thousands of servers were at risk.
Microsoft did not immediately respond to a request for comment.
BT in your inbox
Start and end each day with the latest news stories and analyses delivered straight to your inbox.
Sign Up
Sign Up
In the alert, Microsoft said that a vulnerability 'allows an authorised attacker to perform spoofing over a network.' It issued recommendations to stop the attackers from exploiting it.
In a spoofing attack, an actor can manipulate financial markets or agencies by hiding the actor's identity and appearing to be a trusted person, organisation or website.
Microsoft said on Sunday it issued a security update for SharePoint Subscription Edition, which it said customers should apply immediately.
It said it is working on updates to 2016 and 2019 versions of SharePoint. If customers cannot enable recommended malware protection, they should disconnect their servers from the internet until a security update is available, it said. REUTERS
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Business Times
5 minutes ago
- Business Times
Tally of Microsoft victims surges to 400 as hackers capitalise on SharePoint flaw
[WASHINGTON] The number of companies and organisations compromised by a security vulnerability in Microsoft's SharePoint servers is increasing rapidly, with the tally of victims soaring more than six-fold in a few days, according to one research firm. Hackers have breached about 400 government agencies, corporations and other groups, according to estimates from Eye Security, the Dutch cybersecurity company that identified an early wave of the attacks last week. That's up from roughly 60 based on its previous estimate provided to Bloomberg News on Tuesday. The security firm said that most of the victims are in the US, followed by Mauritius, Jordan, South Africa and the Netherlands. The National Nuclear Security Administration, the US agency responsible for maintaining and designing the nation's cache of nuclear weapons, was among those breached, Bloomberg reported earlier. The hacks are among the latest major breaches that Microsoft has blamed, at least in part, on China and come amid heightened tensions between Washington and Beijing over global security and trade. The US has repeatedly criticised China for campaigns that have allegedly stolen government and corporate secrets over a period spanning decades. 'We estimate that the real number might be much higher as there can be many more hidden ways to compromise servers that do not leave traces,' Eye Security's co-owner Vaisha Bernard said in an email to Bloomberg News. 'This is still developing, and other opportunistic adversaries continue to exploit vulnerable servers.' The organisations compromised in the SharePoint breaches include many working in government, education, and technology services, Bernard said. There were smaller numbers of victims in countries across Europe, Asia, the Middle East and South America. BT in your inbox Start and end each day with the latest news stories and analyses delivered straight to your inbox. Sign Up Sign Up US Treasury Secretary Scott Bessent, who is set to meet his Chinese counterparts in Stockholm next week for a third round of trade talks, suggested in a Bloomberg Television interview on Wednesday (Jul 23) that the SharePoint hacks will be discussed. 'Obviously things like that will be on the agenda with my Chinese counterparts,' he said. The security flaws allow hackers to access SharePoint servers and steal keys that can let them impersonate users or services, potentially enabling deep access into compromised networks to steal confidential data. Microsoft has issued patches to fix the vulnerabilities, but researchers cautioned that hackers may have already got a foothold into many servers. Microsoft on Tuesday accused Chinese state-sponsored hackers known as Linen Typhoon and Violet Typhoon of being behind the attacks. Another hacking group based in China, which Microsoft calls Storm-2603, also exploited them, according to the company. The Redmond, Washington company has repeatedly blamed China for major cyberattacks. In 2021, an alleged Chinese operation compromised tens of thousands of Microsoft Exchange servers. In 2023, another alleged Chinese attack on Microsoft Exchange compromised senior US officials' email accounts. A US government review later accused Microsoft of a 'cascade of security failures' over the 2023 incident. Eugenio Benincasa, a researcher at ETH Zurich's Center for Security Studies who specialises in analysing Chinese cyberattacks, said members of the groups identified by Microsoft had previously been indicted in the US for their alleged involvement in hacking campaigns targeting US organisations. They are well known for their 'extensive espionage,' he said. It's likely that the SharePoint breaches are being carried out by proxy groups that work with the government rather than Chinese government agencies directly carrying out the hacking, according to Benincasa. Private hacking companies in the country sometimes participate in 'hacker for hire' operations, he added. 'Now that at least three groups have reportedly exploited the same vulnerability, it's plausible more could follow,' he said. 'Cybersecurity is a common challenge faced by all countries and should be addressed jointly through dialogue and cooperation,' said Chinese Foreign Ministry spokesman Guo Jiakun. 'China opposes and fights hacking activities in accordance with the law. At the same time, we oppose smears and attacks against China under the excuse of cybersecurity issues.' According to Microsoft, the hacking group Linen Typhoon was first identified in 2012, and is focused on stealing intellectual property, primarily targeting organisations related to government, defence, strategic planning, and human rights. Violet Typhoon, first observed in 2015, was 'dedicated to espionage' and primarily targeted former government and military personnel, non-governmental organisations, as well as media and education sectors in the US, Europe, and East Asia. The hackers have also used the SharePoint flaws to break into systems belonging to the US Education Department, Florida's Department of Revenue and the Rhode Island General Assembly, Bloomberg previously reported. BLOOMBERG
CNA
5 minutes ago
- CNA
Microsoft server hack has compromised 400 organizations, researchers say
WASHINGTON :About 400 organizations show signs of having been compromised following the discovery of a sweeping cyberespionage operation centered on Microsoft's server software, according to researchers at Netherlands-based Eye Security. The figure compares to 100 organizations cataloged over the weekend. Eye Security says the figure is likely an undercount.
Straits Times
an hour ago
- Straits Times
US nuclear agency hit as Microsoft warns of China link
Cybersecurity researchers have already detected breaches on more than 100 servers representing 60 victims thus far. Microsoft Corp. warned that Chinese state-sponsored hackers are among those exploiting flaws in its SharePoint software to break into institutions globally, with the US agency responsible for designing nuclear weapons now among those breached. In a blog post, the tech giant identified two groups supported by the Chinese government, Linen Typhoon and Violet Typhoon, as leveraging flaws in the document-sharing software that rendered customers who run it on their own networks, as opposed to in the cloud, vulnerable. Another hacking group based in China, which Microsoft calls Storm-2603, also exploited them, according to the blog. The number of companies and agencies subjected to breaches as a result of these exploits is meanwhile mounting: Hackers have used the SharePoint flaws to break into the US National Nuclear Security Administration, according to a person with knowledge of the matter who wasn't authorised to speak publicly. Bloomberg also reported on July 21 that systems belonging to the US Education Department, Florida's Department of Revenue and the Rhode Island General Assembly were compromised. While Microsoft has patched its software in recent days, cybersecurity researchers have already detected breaches on more than 100 servers representing 60 victims thus far, including organisations in the energy sector, consulting firms and universities. Hackers have also exploited the software to break into the systems of national governments from Europe to the Middle East, according to a person familiar with the matter. The SharePoint flaws have been used in hacks since at least July 7, said Mr Adam Meyers, senior vice president at CrowdStrike Holdings Inc. Early exploitation resembled government-sponsored activity, and then spread more widely to include hacking that 'looks like China,' Mr Meyers said. CrowdStrike's investigation into the campaign is ongoing, he said. Microsoft said in its blog that its investigations into other threat actors using these exploits 'is still ongoing.' The company said it has 'high confidence' that hackers will 'continue to integrate them into their attacks'. In a statement, the Chinese Embassy in Washington said China firmly opposes all forms of cyberattacks and cybercrime. Top stories Swipe. Select. Stay informed. Singapore Singapore's domestic recycling rate drops to all-time low of 11% Singapore Male victim of fatal Toa Payoh fire was known to keep many things, say residents Singapore HDB launches 10,209 BTO and balance flats, as priority scheme for singles kicks in Singapore 5 boys between ages 12 and 15 arrested for threatening boy with knife, 2 charged with causing hurt Singapore Money, housing and isolation the biggest struggles for youth leaving children's homes: Study Singapore Sota parent portal taken down for urgent patching following global cyberattack alerts Singapore COE prices for cars mostly unchanged; premium for commercial vehicles up 2.9% Singapore Cyclist charged after allegedly hitting elderly pedestrian, killing him 'At the same time, we also firmly oppose smearing others without solid evidence,' it said. 'We hope that relevant parties will adopt a professional and responsible attitude when characterising cyber incidents, basing their conclusions on sufficient evidence rather than unfounded speculation and accusations.' No sensitive or classified information is known to have been compromised in the attack on the National Nuclear Security Administration, the person with knowledge of the breach said. The semiautonomous arm of the Energy Department is responsible for producing and dismantling nuclear arms. Other parts of the department were also compromised. An Energy Department spokesman said by email that the SharePoint exploitation began affecting the agency on July 18, but it was limited by the fact that the department uses Microsoft's cloud. Representatives of the US Department of Education and Rhode Island legislature meanwhile didn't respond to calls and emails seeking comment. The Florida Department of Revenue said the SharePoint weaknesses were being investigated 'at multiple levels of government' but declined further comment. The hackers have also breached the systems of a US-based health-care provider and targeted a public university in Southeast Asia, according to a report from a cybersecurity firm reviewed by Bloomberg News. The report doesn't identify either entity by name, but says the hackers have attempted to breach SharePoint servers in countries including Brazil, Canada, Indonesia, Spain, South Africa, Switzerland, the UK and the US. The firm asked not to be named because of the sensitivity of the information. Hackers have stolen sign-in credentials, including usernames, passwords, hash codes and tokens, from some systems, according to a person familiar with the matter, who asked not to be identified discussing sensitive information. 'This is a high-severity, high-urgency threat,' said Mr Michael Sikorski, chief technology officer and head of threat intelligence for Unit 42 at Palo Alto Networks Inc. 'What makes this especially concerning is SharePoint's deep integration with Microsoft's platform, including their services like Office, Teams, OneDrive and Outlook, which has all the information valuable to an attacker,' he said. The cyber firm Eye Security said the flaws allow hackers to access SharePoint servers and steal keys that can let them impersonate users or services even after the server is patched. It said hackers can maintain access through backdoors or modified components that can survive updates and reboots of systems. The breaches have drawn new scrutiny to Microsoft's efforts to shore up its security after a series of high-profile failures. The firm has hired executives from places like the US government and holds weekly meetings with senior executives to make its software more resilient. The company's tech has been subject to several widespread and damaging hacks in recent years, and a 2024 US government report described the company's security culture as in need of urgent reforms. Eye Security has detected compromises on more than 100 servers representing 60 victims, including organisations in the energy sector, consulting firms and universities. Victims were also located in Saudi Arabia, Vietnam, Oman and the United Arab Emirates, according to the company. In early July, Microsoft issued patches to fix the security holes, but hackers found another way in. 'There were ways around the patches' that enabled hackers to break into SharePoint servers by tapping into similar vulnerabilities, said Mr Vaisha Bernard, Eye Security's chief hacker and co-owner. 'That allowed these attacks to happen.' The intrusions, he said, were not targeted and instead were aimed at compromising as many victims as possible. He declined to identify the identity of organisations that had been targeted, but said they included government agencies and private companies, including 'bigger multinationals'. The victims were located in countries in North and South America, the European Union, South Africa and Australia, he said. BLOOMBERG
