Microsoft server hack hit about 100 organizations, researchers say

Indian Express, 7 days ago
A sweeping cyber espionage operation targeting Microsoft server software compromised about 100 organizations as of the weekend, two of the organizations that helped uncover the campaign said on Monday.
Microsoft on Saturday issued an alert about 'active attacks' on self-hosted SharePoint servers, which are widely used by organizations to share documents and collaborate within organizations. SharePoint instances run off of Microsoft servers were unaffected.
Dubbed a 'zero-day' because they leverage a previously undisclosed digital weakness, the hacks allow spies to penetrate vulnerable servers and potentially drop a backdoor to secure continuous access to victim organizations.
Vaisha Bernard, the chief hacker at Eye Security, a Netherlands-based cybersecurity firm, which discovered the hacking campaign targeting one of its clients on Friday, said that an internet scan carried out with the Shadowserver Foundation had uncovered nearly 100 victims altogether – and that was before the technique behind the hack was widely known.
'It's unambiguous,' Bernard said. 'Who knows what other adversaries have done since to place other backdoors.'
He declined to identify the affected organizations, saying that the relevant national authorities had been notified.
The Shadowserver Foundation confirmed the 100 figure. It said most of those affected were in the United States and Germany, and the victims included government organizations.
Another researcher said that, so far, the spying appeared to be the work of a single hacker or set of hackers.
'It's possible that this will quickly change,' said Rafe Pilling, director of Threat Intelligence at Sophos, a British cybersecurity firm.
Microsoft had 'provided security updates and encourages customers to install them,' a company spokesperson said in an emailed statement.
It was not clear who was behind the ongoing hack, but Alphabet's Google, which has visibility into wide swaths of internet traffic, said it tied at least some of the hacks to a 'China-nexus threat actor.'
The Chinese Embassy in Washington didn't immediately respond to a message seeking comment; Beijing routinely denies carrying out hacking operations.
The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners, but offered no other details. Britain's National Cyber Security Center said in a statement that it was aware of 'a limited number' of targets in the United Kingdom. A researcher tracking the campaign said that the campaign appeared initially aimed at a narrow set of government-related organizations.
The pool of potential targets remains vast. According to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers. Shadowserver put the number at a little more than 9,000, while cautioning that the figure was a minimum.
Those servers include major industrial firms, banks, auditors, healthcare companies, and several U.S. state-level and international government entities.
'The SharePoint incident appears to have created a broad level of compromise across a range of servers globally,' said Daniel Card of British cybersecurity consultancy PwnDefend.
'Taking an assumed breach approach is wise, and it's also important to understand that just applying the patch isn't all that is required here.'

Related Articles

Rise Of Deepfakes: Realistic AI Impersonations Threaten Governments, Businesses, And Trust

NDTV, 34 minutes ago

WASHINGTON: The phone rings. It's the secretary of state calling. Or is it?
For Washington insiders, seeing and hearing is no longer believing, thanks to a spate of recent incidents involving deepfakes impersonating top officials in President Donald Trump's administration.
Digital fakes are coming for corporate America, too, as criminal gangs and hackers associated with adversaries, including North Korea, use synthetic video and audio to impersonate CEOs and low-level job candidates to gain access to critical systems or business secrets.
Thanks to advances in artificial intelligence, creating realistic deepfakes is easier than ever, causing security problems for governments, businesses and private individuals and making trust the most valuable currency of the digital age.
Responding to the challenge will require laws, better digital literacy and technical solutions that fight AI with more AI.
"As humans, we are remarkably susceptible to deception," said Vijay Balasubramaniyan, CEO and founder of the tech firm Pindrop Security. But he believes solutions to the challenge of deepfakes may be within reach: "We are going to fight back."
This summer, someone used AI to create a deepfake of Secretary of State Marco Rubio in an attempt to reach out to foreign ministers, a US senator and a governor over text, voice mail and the Signal messaging app. In May, someone impersonated Trump's chief of staff, Susie Wiles. Another phoney Rubio had popped up in a deepfake earlier this year, saying he wanted to cut off Ukraine's access to Elon Musk's Starlink internet service. Ukraine's government later rebutted the false claim.
The national security implications are huge: People who think they're chatting with Rubio or Wiles, for instance, might discuss sensitive information about diplomatic negotiations or military strategy.
"You're either trying to extract sensitive secrets or competitive information, or you're going after access to an email server or other sensitive network," Kinny Chan, CEO of the cybersecurity firm QiD, said of the possible motivations.
Synthetic media can also aim to alter behavior. Last year, Democratic voters in New Hampshire received a robocall urging them not to vote in the state's upcoming primary. The voice on the call sounded suspiciously like then-President Joe Biden but was actually created using AI.
Their ability to deceive makes AI deepfakes a potent weapon for foreign actors. Both Russia and China have used disinformation and propaganda directed at Americans as a way of undermining trust in democratic alliances and institutions.
Steven Kramer, the political consultant who admitted sending the fake Biden robocalls, said he wanted to send a message about the dangers deepfakes pose to the American political system. Kramer was acquitted last month of charges of voter suppression and impersonating a candidate. "I did what I did for $500," Kramer said. "Can you imagine what would happen if the Chinese government decided to do this?"
The greater availability and sophistication of the programs mean deepfakes are increasingly used for corporate espionage and garden variety fraud.
"The financial industry is right in the crosshairs," said Jennifer Ewbank, a former deputy director of the CIA who worked on cybersecurity and digital threats. "Even individuals who know each other have been convinced to transfer vast sums of money."
In the context of corporate espionage, they can be used to impersonate CEOs asking employees to hand over passwords or routing numbers.
Deepfakes can also allow scammers to apply for jobs - and even do them - under an assumed or fake identity. For some, this is a way to access sensitive networks, to steal secrets or to install ransomware. Others just want the work and may be working a few similar jobs at different companies at the same time.
Authorities in the US have said that thousands of North Koreans with information technology skills have been dispatched to live abroad, using stolen identities to obtain jobs at tech firms in the US and elsewhere. The workers get access to company networks as well as a paycheck. In some cases, the workers install ransomware that can be later used to extort even more money. The schemes have generated billions of dollars for the North Korean government.
Within three years, as many as 1 in 4 job applications are expected to be fake, according to research from Adaptive Security, a cybersecurity company.
"We've entered an era where anyone with a laptop and access to an open-source model can convincingly impersonate a real person," said Brian Long, Adaptive's CEO. "It's no longer about hacking systems - it's about hacking trust."
Researchers, public policy experts and technology companies are now investigating the best ways of addressing the economic, political and social challenges posed by deepfakes.
New regulations could require tech companies to do more to identify, label and potentially remove deepfakes on their platforms. Lawmakers could also impose greater penalties on those who use digital technology to deceive others, if they can be caught.
Greater investments in digital literacy could also boost people's immunity to online deception by teaching them ways to spot fake media and avoid falling prey to scammers.
The best tool for catching AI may be another AI program, one trained to sniff out the tiny flaws in deepfakes that would go unnoticed by a person. Systems like Pindrop's analyze millions of datapoints in any person's speech to quickly identify irregularities. The system can be used during job interviews or other video conferences to detect if the person is using voice cloning software, for instance.
Similar programs may one day be commonplace, running in the background as people chat with colleagues and loved ones online. Someday, deepfakes may go the way of email spam, a technological challenge that once threatened to upend the usefulness of email, said Balasubramaniyan, Pindrop's CEO.
"You can take the defeatist view and say we're going to be subservient to disinformation," he said. "But that's not going to happen."
(Except for the headline, this story has not been edited by NDTV staff and is published from a syndicated feed.)

Satcom spectrum allocation rules likely to be in place within two months

Time of India, an hour ago

New Delhi: Rules for the allocation of spectrum for satellite communications services are likely to be in place within two months, a government official said on Monday.
The spectrum allocation rules are the last lap that will enable Elon Musk-led Starlink, Bharti Group-backed Eutelsat Oneweb and Jio SES to apply for the radiowaves and start rolling out their services.
"Spectrum allocation rules are likely to be fixed in two months. After that, it will be at the discretion of satcom services when they want to roll out their services," the official said.
The Telecom Regulatory Authority of India (Trai) has recommended that the government should allocate spectrum without auction and through an administrative process, a move that has seen huge resistance from telecom operators Reliance Jio and Bharti Airtel initially.
The regulator has suggested that spectrum for satcom services can be for a period of up to five years and considering the market conditions, the government may extend it for a further period of up to two years.
Trai has suggested that spectrum charges for both GSO-based and Non-Geostationary Orbit (NGSO) Fixed Satellite Services should be levied at 4 per cent of adjusted gross revenue (AGR). OneWeb and Starlink fall into the LEO (low earth orbit) category which are considered to be Non-Geostationary Orbit (NGSO) satellites.
Besides, NGSO-based Fixed Satellite service providers should also pay an additional per subscriber charge of ₹500 per annum in urban areas while exempting the rural and remote areas from this additional charge.
While allaying the threat to land-based telecom networks from satcom services, Union Minister Pemmasani Chandra Sekhar said that Musk-led satellite communication services provider Starlink can have only 20 lakh connections in India with a peak speed of 200 megabits per second. A government official mentioned that the limit on Starlink connections is due to its existing capacity.
The minister said that the upfront cost for satcom services will be too high and the monthly cost may be around ₹3,000.
PTI

Cadence nears deal to pay over $100 million to US for China sales, sources say

Mint, an hour ago

  • Cadence accused of selling chip design tools to Chinese military university
  • Settlement discussions between Cadence and US began in December
  • Resolution nears as US and China engage in new trade talks

July 28 - Cadence Design is expected to pay over $100 million to the U.S. government as part of a deal to resolve an investigation into sales of its chip design products to a Chinese military university believed to be involved in simulating nuclear explosions, according to two people familiar with the matter.
Cadence is accused of illegally selling chip design technology to front companies representing China's National University of Defense Technology, the sources said. NUDT's supercomputers are thought to support nuclear explosive simulation and military simulation activities, according to U.S. Commerce Department notices restricting shipments to the university.
San Jose, California-based Cadence, which said earlier this year it began settlement discussions with the U.S. over sales to China in December, did not immediately respond to a request for comment, nor did NUDT. The Justice Department declined immediate comment. The Commerce Department did not immediately respond to a request for comment.
The potential deal, which comes as the U.S. and China meet for new trade talks, shows the U.S. is still willing to enforce U.S. export controls on China, even as it relaxes some of the restrictions as part of negotiations. The sources said the deal is not finalized.
NUDT was put on the Commerce Department's restricted trade list in 2015 to keep it from using U.S. technology to power its supercomputers, according to department postings. Other aliases and locations were added to the university's listing in 2019 and 2022, including Hunan Guofang Keji University, Central South CAD Center, and CSCC.
The U.S. investigation into Cadence, which began more than four years ago, involves 'historical sales by Cadence to customers in China,' according to a company filing. Cadence received a subpoena from the U.S. Commerce Department in February 2021, demanding records related to certain customers in China. A related November 2023 subpoena followed from the Justice Department over the company's business activity in China.
Cadence sold its EDA technology to NUDT through the CSCC or Central South CAD Center alias about 50 times between 2015 and 2020, according to one source familiar with the probe. Chip developer Tianjin Phytium Information Technology, which traces its roots to NUDT, also has been tied to Cadence sales for the university, another source said. Phytium was added to the restricted trade list in 2021. It did not immediately respond to a request for comment.
Several employees at a Chinese subsidiary of Cadence were terminated over the sales, one of the sources said.
Entities are placed on the restricted trade list, formally known as the entity list, for activities deemed contrary to U.S. national security or foreign policy interests. U.S. companies are not allowed to ship goods and technology to them without licenses from the Commerce Department, which are generally denied.
Cadence will hold a call about its second-quarter financial results at 2 p.m. Pacific Time on Monday.
Cadence, whose customers include major semiconductor manufacturers and companies such as Nvidia and Qualcomm, is known for its electronic computer-aided design software. Electronic design automation tools are key to designing chips and verifying that they are bug-free.
NUDT has developed chips to power university supercomputers, including Tianhe-2, once touted as the world's best supercomputer, which the U.S. believes has been used in research on or the development of nuclear explosive devices.
Twelve percent of Cadence's revenue came from China last year, down from 17% in 2023, amid regulatory developments and geopolitical tensions.
This article was generated from an automated news agency feed without modifications to text.
