Microsoft server hack likely single actor, thousands of firms now vulnerable, researchers say
LONDON (Reuters) -A global attack on Microsoft server software used by thousands of government agencies and businesses to share documents within organisations is likely the work of a single actor, a cybersecurity researcher said on Monday.
Microsoft on Saturday issued an alert about "active attacks" on SharePoint servers used within organisations. It said that SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the exploit, also known as a "zero day" because it was previously unknown to cybersecurity researchers.
"Based on the consistency of the tradecraft seen across observed attacks, the campaign launched on Friday appears to be a single actor. However, it's possible that this will quickly change," Rafe Pilling, Director of Threat Intelligence at Sophos, a British cybersecurity firm.
That tradecraft included the sending of the same digital payload to multiple targets, Pilling added.
Microsoft said it had "provided security updates and encourages customers to install them," a company spokesperson said in an emailed statement.
It was not clear who was behind the ongoing hack. The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners, but offered no other details. Britain's National Cyber Security Centre did not immediately respond to a request for comment.
The Washington Post said unidentified actors in the past few days had exploited a flaw to launch an attack that targeted U.S. and international agencies and businesses.
According to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers.
Those servers include major industrial firms, banks, auditors, healthcare companies, and several U.S. state-level and international government entities.
"The SharePoint incident appears to have created a broad level of compromise across a range of servers globally," said Daniel Card of British cybersecurity consultancy, PwnDefend.
"Taking an assumed breach approach is wise, and it's also important to understand that just applying the patch isn't all that is required here."
(Reporting by James Pearson, Editing by Nick Zieminski)
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
The Star
19 minutes ago
- The Star
Trump says trade deal struck with Japan includes 15% tariff
Containers are pictured at an industrial port in Tokyo, Japan, July 2, 2025. REUTERS/Kim Kyung-Hoon/File Photo WASHINGTON (Reuters) -President Donald Trump on Tuesday said the U.S. and Japan had struck a trade deal that includes a 15% tariff that will be levied on U.S. imports from the country. In a post on Truth Social, Trump said the deal would include $550 billion of Japanese investments in the United States. He also said that Japan would increase market access to American producers of cars, trucks, rice and certain agricultural products, among other items. Trump's post made no mention of easing tariffs on Japanese automobiles, which account for more than a quarter of all the country's exports to the United States and are subject to a 25% tariff. Reuters could not immediately confirm the elements of the deal announced by Trump, and details were scant. The White House did not immediately respond to a request for additional details, while the Japanese foreign ministry did not immediately respond to a request for comment on Trump's announcement. "This is a very exciting time for the United States of America, and especially for the fact that we will continue to always have a great relationship with the Country of Japan," Trump said. Trump's announcement follows a meeting with Japan's top tariff negotiator, Ryosei Akazawa, at the White House on Tuesday, according to a person familiar with the matter. (Reporting by Trevor Hunnicutt and Jasper Ward; Editing by Lincoln Feast.)
The Star
an hour ago
- The Star
Amazon to buy startup focused on AI wearables
FILE PHOTO: Amazon logo is seen in this illustration created on February 16, 2025. REUTERS/Dado Ruvic/Illustration/File Photo SAN FRANCISCO (Reuters) -Amazon has reached a deal to buy San Francisco-based Bee, a startup making an artificial intelligence-enabled bracelet to listen in on and transcribe conversations. Bee's $50 wristband can analyze and distill what it records to make summaries, to-do lists or other tasks. Amazon confirmed the deal on Tuesday following a post on LinkedIn by Bee CEO and co-founder Maria de Lourdes Zollo. The deal has not yet closed and Amazon declined to provide terms. A spokesperson said Amazon will work with Bee to give users more control over the devices, which are set to automatically transcribe audio but can be muted. "We imagined a world where AI is truly personal, where your life is understood and enhanced by technology that learns with you,' said Zollo in her post. She did not immediately respond to a query on Tuesday. It was not Amazon's first foray into wearables. The Seattle online retailer marketed a line of wrist health trackers called Halo but ultimately killed the project in 2023. It also has a line of smart glasses embedded with Amazon's virtual assistant, Alexa, under its Echo brand. ChatGPT parent OpenAI bought former Apple designer Jony Ive's AI device startup called io for about $6.5 billion. Other startups have made early attempts at AI wearables, with mixed results. In her post, Zollo thanked Amazon devices executive Panos Panay, suggesting Bee would join his group when the deal closes. Much of Amazon's AI development is being conducted in its Amazon Web Services unit. Bee was founded in 2022. (Reporting by Greg Bensinger in San Francisco; Editing by Matthew Lewis)
The Star
an hour ago
- The Star
Indonesia to cut tariffs, non-tariff barriers in US trade deal, Trump official says
A drone view shows stacks of containers at the Tanjung Priok port in Jakarta, Indonesia, July 10, 2025. REUTERS/Ajeng Dinar Ulfiana/File Photo WASHINGTON (Reuters) -Indonesia has agreed to eliminate tariffs on more than 99% of U.S. goods and scrap all non-tariff barriers facing American firms, while the U.S. will drop threatened tariffs on Indonesian products to 19% from 32%, the two countries said on Tuesday. Trump hailed the deal, which he first announced on July 15, in a posting on his Truth Social media platform, calling it a "huge win for our Automakers, Tech Companies, Workers, Farmers, Ranchers, and Manufacturers." Details of a framework for the accord were released in a joint statement by both countries, and a fact sheet issued by the White House. They said negotiators for both countries would finalize the actual agreement in coming weeks. "Today, the United States of America and the Republic of Indonesia agreed to a framework for negotiating an agreement on reciprocal trade to strengthen our bilateral economic relationship, which will provide both countries' exporters unprecedented access to each other's markets," the statement said. The Indonesia deal is among only a handful reached so far by the Trump administration ahead of an August 1 deadline when higher tariffs are due to kick in. The U.S. tariff rate on Indonesia, Southeast Asia's largest economy, matches the 19% announced for the Philippines earlier on Tuesday. Vietnam's tariff rate has been set at 20%. Under the agreement, Indonesia will immediately drop its plans to levy tariffs on internet data flows and it agreed to support renewal of a longstanding World Trade Organization moratorium on e-commerce duties, a senior Trump administration official told reporters on a conference call. Indonesia also will remove recently enacted pre-shipment inspections and verifications of U.S. exports that have posed problems for U.S. agricultural exports and contributed to a growing U.S. farm trade deficit, the official said. The official, who was not authorized to speak publicly, said the agreement could help restore the surplus in agricultural goods that the United States once had with Indonesia, until it implemented the pre-shipment requirements. In a win for U.S. automakers, the official said Indonesia has agreed to accept U.S. Federal Motor Vehicle Safety Standards for vehicles exported from the United States to the growing country of 280 million people. Indonesia also has agreed to remove export restrictions on industrial commodities, including critical minerals, the joint statement said. The U.S. official said it would also remove local content requirements for products using these commodities that were shipped to the United States. The joint statement said the U.S. would reduce the reciprocal tariff rate to 19%, and "may also identify certain commodities that are not naturally available or domestically produced in the United States for a further reduction in the reciprocal tariff rate." No further details were provided. The two countries said they would negotiate rules of origin to ensure the benefits of the deal accrue mainly to the U.S. and Indonesia, not third countries. They said Indonesia would work to address barriers for U.S. goods, including through the removal of import restrictions and licensing requirements on U.S. remanufactured goods or parts. Indonesia also agreed to join the Global Forum on Steel Excess Capacity and take actions to address global excess capacity in the steel sector. (Reporting by Andrea Shalal and David Lawder; Editing by Jamie Freed)
