
Microsoft server hack likely single actor, thousands of firms now vulnerable, researchers say
LONDON (Reuters) - A global attack on Microsoft server software used by thousands of government agencies and businesses to share documents within organisations is likely the work of a single actor, a cybersecurity researcher said on Monday.
Microsoft on Saturday issued an alert about "active attacks" on SharePoint servers used within organisations. It said that SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the exploit, also known as a "zero day" because it was previously unknown to cybersecurity researchers.
"Based on the consistency of the tradecraft seen across observed attacks, the campaign launched on Friday appears to be a single actor. However, it's possible that this will quickly change," said Rafe Pilling, Director of Threat Intelligence at Sophos, a British cybersecurity firm.
That tradecraft included the sending of the same digital payload to multiple targets, Pilling added.
Microsoft had "provided security updates and encourages customers to install them," a company spokesperson said in an emailed statement.
It was not clear who was behind the ongoing hack. The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners, but offered no other details. Britain's National Cyber Security Centre did not immediately respond to a request for comment.
The Washington Post said unidentified actors in the past few days had exploited a flaw to launch an attack that targeted U.S. and international agencies and businesses.
According to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers.
Those servers include major industrial firms, banks, auditors, healthcare companies, and several U.S. state-level and international government entities.
"The SharePoint incident appears to have created a broad level of compromise across a range of servers globally," said Daniel Card of British cybersecurity consultancy PwnDefend.
"Taking an assumed breach approach is wise, and it's also important to understand that just applying the patch isn't all that is required here."
(Reporting by James Pearson, Editing by Nick Zieminski)