Latest news with #MicrosoftSharePoint


Time of India
24-07-2025
- Business
- Time of India
Microsoft hack fallout worsens: These countries were hit the hardest in global cyber meltdown
A serious Microsoft SharePoint vulnerability has led to breaches in hundreds of organizations around the world, making the global cybersecurity crisis even worse. This attack is huge and is spreading quickly. It affects everything from health departments to nuclear agencies. Again, Chinese state-sponsored hackers are being blamed. The major security hole in Microsoft SharePoint has led to a huge number of cyberattacks that have affected more than 400 businesses around the world. The United States, Mauritius, Jordan, and South Africa were some of the countries that were hit the hardest.
What caused the Microsoft SharePoint breach to spiral?
Experts say that the damage could get worse as more groups take advantage of the same weakness, as more and more people are worried about Chinese-backed hacking groups. According to one research firm, the number of businesses and organizations impacted by a security flaw in Microsoft Corp.'s (MSFT) SharePoint servers is growing quickly, with the number of victims increasing more than sixfold in a matter of days. According to estimates from Eye Security, a Dutch cybersecurity firm that detected an early wave of the attacks last week, hackers have gained access to approximately 400 government organizations, businesses, and other organizations.
Could classified data be at risk?
According to its earlier estimate, which it gave to Bloomberg News on Tuesday, that is an increase from about 60. The majority of victims are in the United States, followed by Mauritius, Jordan, South Africa, and the Netherlands, according to the security firm. According to a previous Bloomberg report, one of those compromised was the National Nuclear Security Administration, the US organization in charge of creating and managing the country's nuclear weapons stockpile. According to someone with knowledge of the situation, the SharePoint bugs also affected the National Institutes of Health. "The Department and its security teams are actively engaged in monitoring, identifying, and mitigating all risks to our IT systems posed by the Microsoft SharePoint vulnerability," stated Andrew Nixon, a spokesman for the Department of Health and Human Services, as per a report by Bloomberg. He added that the department is working with Microsoft and the US Cybersecurity and Infrastructure Security Agency and that there is currently no indication that any information was compromised due to this vulnerability.
The NIH breach was previously reported by The Washington Post.
How are governments responding to the escalating cyber threat?
Although its systems and websites were functioning normally, South Africa's National Treasury stated that it was contacting Microsoft for assistance after finding malware on its network. Amid increased tensions between Washington and Beijing over international security and trade, the hacks are among the most recent significant breaches that Microsoft has attributed, at least in part, to China. Over the course of several decades, China has been the target of numerous US criticisms for alleged government and corporate secret theft campaigns. Threat analyst Sveva Scenarelli of Recorded Future Inc. said state-backed hackers typically target significant cybersecurity flaws, such as the SharePoint vulnerability, in waves. They start with covert, targeted hacks and then, once the vulnerability is identified, begin using it more broadly. After gaining access, individual threat groups are able to identify compromised organizations and rank those that are most important for further action. Scott Bessent, the US Treasury Secretary, hinted that a Wednesday interview with Bloomberg Television would touch on the SharePoint hacks. By gaining access to SharePoint servers and stealing keys, hackers can potentially gain deep access into compromised networks and steal sensitive information by posing as users or services. Although Microsoft has released patches to address the vulnerabilities, researchers warned that hackers might have already gained access to a large number of servers. Microsoft claimed that the attacks were carried out by Chinese state-sponsored hackers known as Linen Typhoon and Violet Typhoon. The vulnerabilities were also exploited by another Chinese hacker group, Storm-2603, according to Microsoft, as per a report by Bloomberg.
Tens of thousands of Microsoft Exchange servers were compromised by an alleged Chinese operation in 2021, and Microsoft Exchange was the target of another alleged Chinese attack in 2023. Microsoft has frequently accused China of being responsible for significant cyberattacks. Chinese Foreign Ministry spokesman Guo Jiakun said that cybersecurity is a problem that all nations face and that it should be solved cooperatively and through communication. According to Microsoft, the hacker collective Linen Typhoon was initially discovered in 2012 and is primarily concerned with stealing intellectual property from government, defense, strategic planning, and human rights organizations.
FAQs
Which countries were the most impacted by the Microsoft hack? The United States was the hardest hit, followed by Mauritius, Jordan, South Africa, and the Netherlands.
Who is thought to be behind the cyberattacks? Microsoft attributes the attacks to Chinese state-sponsored groups such as Linen Typhoon and Violet Typhoon.


CNA
24-07-2025
- CNA
Schools told to update systems to guard against potential vulnerabilities; MOE says no cyberattacks found
SINGAPORE: The Ministry of Education (MOE) said on Wednesday (Jul 23) that it had advised schools to update their Microsoft SharePoint servers with the latest security patch to guard against potential vulnerabilities, but it added that no cyberattacks had been detected so far. MOE's statement came in response to CNA queries, when it emerged that the School of the Arts (SOTA) had taken down its parents portal as a part of a cybersecurity measure. The school said it had identified a vulnerability in the third-party server infrastructure supporting the portal and that the third-party service provider had acknowledged such reports from their server customers. "This vulnerability is currently being actively exploited in a global cyberattack campaign, which has already compromised organisations worldwide, including government agencies and multinational corporations," the school said in a message to parents. "The attacks, which began on Jul 18, are specifically targeting school-managed installations." In a media statement later on Wednesday evening, SOTA said it did not identify any compromise of its systems. It added that it had temporarily disconnected the parent portal, which is hosted on SharePoint, from the internet as a "precautionary measure" to facilitate the security patch, as advised by MOE. On Tuesday, the Cyber Security Agency of Singapore (CSA) issued an alert for users of Microsoft SharePoint to update to the latest version, citing "critical vulnerabilities". SharePoint is a web-based collaborative document management platform developed by Microsoft. On the same day, Microsoft issued a threat intelligence note warning of active attacks targeting SharePoint servers via known vulnerabilities. It said security updates have been released to address the flaws. The note linked the attacks to three China-based groups, and added that investigations into other threat actors are ongoing. 
In response to CNA's queries, CSA said it has reached out to "all critical sectors" that are using vulnerable versions of SharePoint to advise them to update to the latest version provided by Microsoft. The agency added that it is working with GovTech and the sectors to analyse the impact. In an updated advisory published on Thursday, CSA said that patching alone is insufficient if a SharePoint server has already been compromised. "Based on incidents reported worldwide, threat actors continue to be able to exploit already-patched SharePoint servers, if additional mitigation measures had not been applied," said CSA. "Mitigation steps, which include rotating keys, restarting IIS service and removing artefacts (e.g. web shells), are critical to minimise the risk to your organisation."

Business Standard
24-07-2025
- Business
- Business Standard
Microsoft hack hits hundreds of firms, agencies as damage spreads
The number of companies and organizations compromised by a security vulnerability in Microsoft Corp.'s SharePoint servers is increasing rapidly, with the tally of victims soaring more than six-fold in a few days, according to one research firm. Hackers have breached about 400 government agencies, corporations and other groups, according to estimates from Eye Security, the Dutch cybersecurity company that identified an early wave of the attacks last week. That's up from roughly 60 based on its previous estimate provided to Bloomberg News on Tuesday. The security firm said that most of the victims are in the US, followed by Mauritius, Jordan, South Africa and the Netherlands. The National Nuclear Security Administration, the US agency responsible for maintaining and designing the nation's cache of nuclear weapons, was among those breached, Bloomberg reported earlier. The National Institutes of Health was also impacted through the SharePoint flaws, according to a person familiar with the matter. Andrew Nixon, a spokesperson for the Department of Health and Human Services, said, 'The Department and its security teams are actively engaged in monitoring, identifying, and mitigating all risks to our IT systems posed by the Microsoft SharePoint vulnerability.' 'At present, we have no indication that any information was breached as a result of this vulnerability,' he said, adding that the department is collaborating with Microsoft and the US Cybersecurity and Infrastructure Security Agency. The Washington Post previously reported that NIH was breached. And South Africa's National Treasury said it was seeking help from Microsoft after discovering malware on its network, but added that its systems and websites were operating normally. The hacks are among the latest major breaches that Microsoft has blamed, at least in part, on China and come amid heightened tensions between Washington and Beijing over global security and trade. 
The US has repeatedly criticised China for campaigns that have allegedly stolen government and corporate secrets over a period spanning decades. The real number of victims from the SharePoint exploits 'might be much higher as there can be many more hidden ways to compromise servers that do not leave traces,' Eye Security's co-owner Vaisha Bernard said in an email to Bloomberg News. 'This is still developing, and other opportunistic adversaries continue to exploit vulnerable servers.' The organisations compromised in the SharePoint breaches include many working in government, education and technology services, Bernard said. There were smaller numbers of victims in countries across Europe, Asia, the Middle East and South America. State-backed hackers tend to exploit major cybersecurity weaknesses, like the SharePoint vulnerability, in waves, according to Sveva Scenarelli, a threat analyst with Recorded Future Inc. They start with secretive, targeted hacks and then, once the vulnerability is discovered, will begin using it more indiscriminately, she said. 'Once access has been acquired, individual threat groups can then triage compromised organizations, and prioritize those of particular interest for follow-on activity,' said Scenarelli, of the cyber intelligence firm's Insikt Group. She said this can include finding ways to maintain access to a compromised network, burrowing deeper and setting up paths to steal sensitive information. US Treasury Secretary Scott Bessent, who is set to meet his Chinese counterparts in Stockholm next week for a third round of trade talks, suggested in a Bloomberg Television interview Wednesday that the SharePoint hacks will be discussed. 'Obviously things like that will be on the agenda with my Chinese counterparts,' he said. The security flaws allow hackers to access SharePoint servers and steal keys that can let them impersonate users or services, potentially enabling deep access into compromised networks to steal confidential data. 
Microsoft has issued patches to fix the vulnerabilities, but researchers cautioned that hackers may have already got a foothold into many servers. Microsoft on Tuesday accused Chinese state-sponsored hackers known as Linen Typhoon and Violet Typhoon of being behind the attacks. Another hacking group based in China, which Microsoft calls Storm-2603, also exploited them, according to the company. The Redmond, Washington company has repeatedly blamed China for major cyberattacks. In 2021, an alleged Chinese operation compromised tens of thousands of Microsoft Exchange servers. In 2023, another alleged Chinese attack on Microsoft Exchange compromised senior US officials' email accounts. A US government review later accused Microsoft of a 'cascade of security failures' over the 2023 incident. Eugenio Benincasa, a researcher at ETH Zurich's Center for Security Studies who specializes in analyzing Chinese cyberattacks, said members of the groups identified by Microsoft had previously been indicted in the US for their alleged involvement in hacking campaigns targeting US organizations. They are well known for their 'extensive espionage,' he said. It's likely that the SharePoint breaches are being carried out by proxy groups that work with the government rather than Chinese government agencies directly carrying out the hacking, according to Benincasa. Private hacking companies in the country sometimes participate in 'hacker for hire' operations, he added. 'Now that at least three groups have reportedly exploited the same vulnerability, it's plausible more could follow,' he said. 'Cybersecurity is a common challenge faced by all countries and should be addressed jointly through dialogue and cooperation,' said Chinese Foreign Ministry spokesman Guo Jiakun. 'China opposes and fights hacking activities in accordance with the law. At the same time, we oppose smears and attacks against China under the excuse of cybersecurity issues.' 
According to Microsoft, the hacking group Linen Typhoon was first identified in 2012, and is focused on stealing intellectual property, primarily targeting organizations related to government, defense, strategic planning, and human rights. Violet Typhoon, first observed in 2015, was 'dedicated to espionage' and primarily targeted former government and military personnel, non-governmental organizations, as well as media and education sectors in the US, Europe, and East Asia. The hackers have also used the SharePoint flaws to break into systems belonging to the US Education Department, Florida's Department of Revenue and the Rhode Island General Assembly, Bloomberg previously reported. Edwin Lyman, director of nuclear power safety for the Union of Concerned Scientists, said that while the National Nuclear Security Administration possesses some of the most restricted and dangerous information in the world, the networks where classified information are stored are isolated from the internet. 'So even if those networks were compromised, I'm not sure how such information could have been transmitted to the adversaries,' Lyman said in an email. 'But there are other categories of information that are sensitive but unclassified, that may be treated with less care and might have been exposed. This includes some information related to nuclear materials and even nuclear weapons.'


Mint
24-07-2025
- Business
- Mint
Microsoft Hack Hits Hundreds of Firms, Agencies as Damage Spreads
(Bloomberg) -- The number of companies and organizations compromised by a security vulnerability in Microsoft Corp.'s SharePoint servers is increasing rapidly, with the tally of victims soaring more than six-fold in a few days, according to one research firm. Hackers have breached about 400 government agencies, corporations and other groups, according to estimates from Eye Security, the Dutch cybersecurity company that identified an early wave of the attacks last week. That's up from roughly 60 based on its previous estimate provided to Bloomberg News on Tuesday. The security firm said that most of the victims are in the US, followed by Mauritius, Jordan, South Africa and the Netherlands. The National Nuclear Security Administration, the US agency responsible for maintaining and designing the nation's cache of nuclear weapons, was among those breached, Bloomberg reported earlier. The National Institutes of Health was also impacted through the SharePoint flaws, according to a person familiar with the matter. Andrew Nixon, a spokesperson for the Department of Health and Human Services, said, 'The Department and its security teams are actively engaged in monitoring, identifying, and mitigating all risks to our IT systems posed by the Microsoft SharePoint vulnerability.' 'At present, we have no indication that any information was breached as a result of this vulnerability,' he said, adding that the department is collaborating with Microsoft and the US Cybersecurity and Infrastructure Security Agency. The Washington Post previously reported that NIH was breached. And South Africa's National Treasury said it was seeking help from Microsoft after discovering malware on its network, but added that its systems and websites were operating normally. The hacks are among the latest major breaches that Microsoft has blamed, at least in part, on China and come amid heightened tensions between Washington and Beijing over global security and trade. 
The US has repeatedly criticized China for campaigns that have allegedly stolen government and corporate secrets over a period spanning decades. The real number of victims from the SharePoint exploits 'might be much higher as there can be many more hidden ways to compromise servers that do not leave traces,' Eye Security's co-owner Vaisha Bernard said in an email to Bloomberg News. 'This is still developing, and other opportunistic adversaries continue to exploit vulnerable servers.' The organizations compromised in the SharePoint breaches include many working in government, education and technology services, Bernard said. There were smaller numbers of victims in countries across Europe, Asia, the Middle East and South America. State-backed hackers tend to exploit major cybersecurity weaknesses, like the SharePoint vulnerability, in waves, according to Sveva Scenarelli, a threat analyst with Recorded Future Inc. They start with secretive, targeted hacks and then, once the vulnerability is discovered, will begin using it more indiscriminately, she said. 'Once access has been acquired, individual threat groups can then triage compromised organizations, and prioritize those of particular interest for follow-on activity,' said Scenarelli, of the cyber intelligence firm's Insikt Group. She said this can include finding ways to maintain access to a compromised network, burrowing deeper and setting up paths to steal sensitive information. US Treasury Secretary Scott Bessent, who is set to meet his Chinese counterparts in Stockholm next week for a third round of trade talks, suggested in a Bloomberg Television interview Wednesday that the SharePoint hacks will be discussed. 'Obviously things like that will be on the agenda with my Chinese counterparts,' he said. The security flaws allow hackers to access SharePoint servers and steal keys that can let them impersonate users or services, potentially enabling deep access into compromised networks to steal confidential data. 
Microsoft has issued patches to fix the vulnerabilities, but researchers cautioned that hackers may have already got a foothold into many servers. Microsoft on Tuesday accused Chinese state-sponsored hackers known as Linen Typhoon and Violet Typhoon of being behind the attacks. Another hacking group based in China, which Microsoft calls Storm-2603, also exploited them, according to the company. The Redmond, Washington company has repeatedly blamed China for major cyberattacks. In 2021, an alleged Chinese operation compromised tens of thousands of Microsoft Exchange servers. In 2023, another alleged Chinese attack on Microsoft Exchange compromised senior US officials' email accounts. A US government review later accused Microsoft of a 'cascade of security failures' over the 2023 incident. Eugenio Benincasa, a researcher at ETH Zurich's Center for Security Studies who specializes in analyzing Chinese cyberattacks, said members of the groups identified by Microsoft had previously been indicted in the US for their alleged involvement in hacking campaigns targeting US organizations. They are well known for their 'extensive espionage,' he said. It's likely that the SharePoint breaches are being carried out by proxy groups that work with the government rather than Chinese government agencies directly carrying out the hacking, according to Benincasa. Private hacking companies in the country sometimes participate in 'hacker for hire' operations, he added. 'Now that at least three groups have reportedly exploited the same vulnerability, it's plausible more could follow,' he said. 'Cybersecurity is a common challenge faced by all countries and should be addressed jointly through dialogue and cooperation,' said Chinese Foreign Ministry spokesman Guo Jiakun. 'China opposes and fights hacking activities in accordance with the law. At the same time, we oppose smears and attacks against China under the excuse of cybersecurity issues.' 
According to Microsoft, the hacking group Linen Typhoon was first identified in 2012, and is focused on stealing intellectual property, primarily targeting organizations related to government, defense, strategic planning, and human rights. Violet Typhoon, first observed in 2015, was 'dedicated to espionage' and primarily targeted former government and military personnel, non-governmental organizations, as well as media and education sectors in the US, Europe, and East Asia. The hackers have also used the SharePoint flaws to break into systems belonging to the US Education Department, Florida's Department of Revenue and the Rhode Island General Assembly, Bloomberg previously reported. Edwin Lyman, director of nuclear power safety for the Union of Concerned Scientists, said that while the National Nuclear Security Administration possesses some of the most restricted and dangerous information in the world, the networks where classified information are stored are isolated from the internet. 'So even if those networks were compromised, I'm not sure how such information could have been transmitted to the adversaries,' Lyman said in an email. 'But there are other categories of information that are sensitive but unclassified, that may be treated with less care and might have been exposed. This includes some information related to nuclear materials and even nuclear weapons.' --With assistance from Lucille Liu, Ari Natter and Jessica Nix. (Updates with South African hack in the sixth paragraph. A previous version corrected the spelling of Rhode Island.)


New York Post
23-07-2025
- Business
- New York Post
Microsoft says China-backed cybercriminals hacked into US nuclear weapons agency
Microsoft has warned that Chinese state-sponsored hackers have breached its SharePoint software used by the US agency responsible for maintaining and modernizing the nation's stockpile of nuclear weapons, according to a report. The National Nuclear Security Administration, a semi-autonomous agency that operates under the auspices of the Department of Energy, was among the targets of a hack allegedly carried out by Chinese-backed cybercriminals, according to Bloomberg News. A Dutch cybersecurity company estimates that around 400 government agencies in the US, Mauritius, Jordan, South Africa and the Netherlands were impacted by the hack, according to Bloomberg News. The Dutch firm, Eye Security, previously estimated that just 60 entities were impacted. A source familiar with the situation told the financial news site on Tuesday that no sensitive or classified information was known to have been stolen in the hack, which was made possible by exploiting a flaw in Microsoft's SharePoint document management software. 'On Friday, July 18th, the exploitation of a Microsoft SharePoint zero-day vulnerability began affecting the Department of Energy,' an agency spokesman told Bloomberg News. 'The department was minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems. A very small number of systems were impacted. All impacted systems are being restored.' The breaches have been ongoing since at least July 7, according to Adam Meyers, senior vice president at CrowdStrike, the cybersecurity firm that has partnered with Microsoft to ward off potential cyber threats.
'The early exploitation resembled government-sponsored activity, and then spread more widely to include hacking that 'looks like China',' Meyers told Bloomberg News. CrowdStrike's investigation into the campaign remains ongoing. The Post has sought comment from the NNSA, Microsoft, CrowdStrike and Eye Security. In a blog post, the tech giant identified two reputed cybercriminal organizations, Linen Typhoon and Violet Typhoon, in the alleged scheme to exploit flaws in Microsoft's software that is used by customers on their own networks rather than in the more secure cloud. These customers are at risk of having their data compromised by the hackers, according to Microsoft, which also fingered a third Chinese-based organization, Storm-2603, as doing the same. Microsoft SharePoint is a platform used to store, organize, share and manage internal web content across an organization — similar to intranets. The NNSA wasn't the only agency that was targeted in the alleged cyberattack. Among the victims are the US Department of Education, Florida's Department of Revenue and the Rhode Island General Assembly, which is the Ocean State's legislative body. Internationally, governments in Europe and the Middle East have also been targeted. Cybersecurity researchers have detected breaches on more than 100 servers, representing at least 60 victims across various sectors, including energy, consulting and academia.
Microsoft has patched the vulnerabilities in recent days, but the company expressed concern that hackers will continue to exploit these flaws in future attacks. 'We have high confidence that threat actors will continue to integrate them into their attacks,' Microsoft stated in its blog post. 'China opposes and fights hacking activities in accordance with the law. At the same time, we oppose smears and attacks against China under the excuse of cybersecurity issues,' a spokesperson for the Chinese embassy said in a statement. Cybersecurity experts have expressed grave concerns about the severity of the threat. Michael Sikorski, chief technology officer and head of threat intelligence for Unit 42 at Palo Alto Networks Inc., described the situation as a 'high-severity, high-urgency threat.' He emphasized the risks posed by SharePoint's deep integration with Microsoft's ecosystem, which includes services like Office, Teams, OneDrive and Outlook — all of which contain valuable data for attackers. Eye Security reported that the flaws allow hackers to access SharePoint servers and steal authentication keys, enabling them to impersonate users or services even after patches are applied. 'We estimate that the real number might be much higher as there can be many more hidden ways to compromise servers that do not leave traces,' Eye Security's co-owner Vaisha Bernard said in an email to Bloomberg News. 'This is still developing, and other opportunistic adversaries continue to exploit vulnerable servers.' Despite Microsoft's efforts to bolster its security measures, including hiring executives from government agencies and holding weekly security meetings, the recent breaches have drawn renewed scrutiny.
The US government issued a report last year that was critical of Microsoft's lax security culture.