
Microsoft server hack hit about 100 organizations, researchers say
Microsoft on Saturday issued an alert about "active attacks" on self-hosted SharePoint servers, which are widely used by organizations to share documents and collaborate internally. SharePoint instances run on Microsoft's own servers were unaffected.
Dubbed a "zero-day" because they leverage a previously undisclosed digital weakness, the hacks allow spies to penetrate vulnerable servers and potentially drop a backdoor to secure continuous access to victim organizations.
Vaisha Bernard, the chief hacker at Eye Security, a Netherlands-based cybersecurity firm, which discovered the hacking campaign targeting one of its clients on Friday, said that an internet scan carried out with the Shadowserver Foundation had uncovered nearly 100 victims altogether - and that was before the technique behind the hack was widely known.
"It's unambiguous," Bernard said. "Who knows what other adversaries have done since to place other backdoors."
He declined to identify the affected organizations, saying that the relevant national authorities had been notified.
The Shadowserver Foundation confirmed the 100 figure and said that most of those affected were in the United States and Germany and that the victims included government organizations.
Another researcher said that, so far, the spying appeared to be the work of a single hacker or set of hackers.
"It's possible that this will quickly change," said Rafe Pilling, director of Threat Intelligence at Sophos, a British cybersecurity firm.
Microsoft has "provided security updates and encourages customers to install them," a company spokesperson said in an emailed statement.
It was not clear who was behind the ongoing hack. The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners, but offered no other details. Britain's National Cyber Security Center said in a statement that it was aware of "a limited number" of targets in the United Kingdom. A researcher tracking the campaign said that it appeared initially aimed at a narrow set of government-related organizations.
The pool of potential targets remains vast. According to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers.
Those servers include major industrial firms, banks, auditors, healthcare companies, and several U.S. state-level and international government entities.
"The SharePoint incident appears to have created a broad level of compromise across a range of servers globally," said Daniel Card of British cybersecurity consultancy, PwnDefend.
Business Times
Microsoft rushes to stop hackers from wreaking global havoc
[WASHINGTON] Hackers exploited a security flaw in common Microsoft software to breach governments, businesses and other organisations across the globe and steal sensitive information, according to officials and cybersecurity researchers.
Microsoft over the weekend released a patch for the vulnerability in servers of the SharePoint document management software. The company said it was still working to roll out other fixes after warnings that hackers were targeting SharePoint clients, using the flaw to enter file systems and execute code.
Multiple different hackers are launching attacks through the Microsoft vulnerability, according to representatives of two cybersecurity firms, CrowdStrike Holdings and Google's Mandiant Consulting.
Hackers have already used the flaw to break into the systems of national governments in Europe and the Middle East, according to a person familiar with the matter. In the US, they've accessed government systems, including ones belonging to the US Department of Education, Florida's Department of Revenue and the Rhode Island General Assembly, said the person, who spoke on condition that they not be identified discussing the sensitive information.
Representatives of the Department of Education and Rhode Island legislature didn't respond to calls and emails seeking comment on Monday. A Florida Department of Revenue spokesperson, Bethany Wester Cutillo, said in an email that the SharePoint vulnerability is being investigated 'at multiple levels of government' but that the state agency 'does not comment publicly on the software we use for operations.'
The hackers also breached the systems of a US-based health-care provider and targeted a public university in South-east Asia, according to a report from a cybersecurity firm reviewed by Bloomberg News. The report doesn't identify either entity by name, but says the hackers have attempted to breach SharePoint servers in countries including Brazil, Canada, Indonesia, Spain, South Africa, Switzerland, the UK and the US. The firm asked not to be named because of the sensitivity of the information.
In some systems they've broken into, the hackers have stolen sign-in credentials, including usernames, passwords, hash codes and tokens, according to a person familiar with the matter, who also spoke on condition that they not be identified discussing the sensitive information.
'This is a high-severity, high-urgency threat,' said Michael Sikorski, chief technology officer and head of threat intelligence for Unit 42 at Palo Alto Networks.
'What makes this especially concerning is SharePoint's deep integration with Microsoft's platform, including their services like Office, Teams, OneDrive and Outlook, which has all the information valuable to an attacker,' he said. 'A compromise doesn't stay contained – it opens the door to the entire network.'
Tens of thousands – if not hundreds of thousands – of businesses and institutions worldwide use SharePoint in some fashion to store and collaborate on documents. Microsoft said that attackers are specifically targeting clients running SharePoint servers from their own on-premise networks, as opposed to being hosted and managed by the tech firm. That could limit the impact to a subsection of customers.
A Microsoft spokesperson declined to comment beyond an earlier statement.
'It's a dream for ransomware operators,' said Silas Cutler, a researcher at Michigan-based cybersecurity firm Censys. He estimated that more than 10,000 companies with SharePoint servers were at risk. The US had the largest number of such firms, followed by the Netherlands, the UK and Canada, he said.
The breaches have drawn new scrutiny to Microsoft's efforts to shore up its cybersecurity after a series of high-profile failures. The firm has hired executives from places like the US government and holds weekly meetings with senior executives to make its software more resilient. The company's tech has been subject to several widespread and damaging hacks in recent years, and a 2024 US government report described the company's security culture as in need of urgent reforms.
The Center for Internet Security, which operates a cybersecurity information sharing system for state and local governments in the US, found more than 1,100 servers that are at risk from the SharePoint vulnerability, said Randy Rose, the organisation's vice president of security operations and intelligence. Rose said more than 100 were likely hacked.
The Washington Post reported that the breach had affected US federal and state agencies, universities, energy companies and an Asian telecommunications company, citing state officials and private researchers.
Eye Security was the first to identify that attackers were actively exploiting the vulnerabilities in a wave of cyberattacks that began on Friday, said Vaisha Bernard, the company's chief hacker and co-owner. Eye Security said the vulnerability allows hackers to access SharePoint servers and steal keys that can let them impersonate users or services even after the server is patched. It said hackers can maintain access through backdoors or modified components that can survive updates and reboots of systems.
The SharePoint vulnerabilities, known as 'ToolShell,' were first identified in May by researchers at a Berlin cybersecurity conference. In early July, Microsoft issued patches to fix the security holes, but hackers found another way in.
'There were ways around the patches,' which enabled hackers to break into SharePoint servers by tapping into similar vulnerabilities, said Bernard. 'That allowed these attacks to happen.'
The intrusions, he said, were not targeted and instead were aimed at compromising as many victims as possible. After scanning about 8,000 SharePoint servers, Bernard said he has so far identified at least 50 that were successfully compromised.
He declined to identify the identity of organisations that had been targeted, but said they included government agencies and private companies, including 'bigger multinationals.' The victims were located in countries in North and South America, the EU, South Africa, and Australia, he added.
BLOOMBERG

