Microsoft SharePoint server hack likely caused by single actor — and thousands of firms now vulnerable: researchers
Microsoft on Saturday issued an alert about 'active attacks' on self-managed SharePoint servers, which are widely used by government agencies and businesses to share documents within organisations.
Dubbed a 'zero day' because it leverages a previously undisclosed digital weaknesses, the hacks allow spies to penetrate vulnerable servers and potentially drop a back door to secure continuous access to victim organizations.
Microsoft on Saturday issued an alert about 'active attacks' on SharePoint servers used within organizations.
Gorodenkoff – stock.adobe.com
Vaisha Bernard, the chief hacker at Eye Security, a Netherlands-based cybersecurity firm which discovered the hacking campaign targeting one of its clients on Friday, said that an internet scan carried out with the ShadowServer Foundation had uncovered nearly 100 victims altogether – and that was before the technique behind the hack was widely known.
'It's unambiguous,' Bernard said. 'Who knows what other adversaries have done since to place other back doors.'
He declined to identify the affected organizations, saying that the relevant national authorities had been notified. The ShadowServer Foundation didn't immediately return a message seeking comment.
Another researcher said that, so far, the spying appeared to be the work of a single hacker or set of hackers.
'It's possible that this will quickly change,' said Rafe Pilling, Director of Threat Intelligence at Sophos, a British cybersecurity firm.
Microsoft said it had 'provided security updates and encourages customers to install them,' a company spokesperson said in an emailed statement.
Microsoft said it had 'provided security updates and encourages customers to install them.'
REUTERS
It was not clear who was behind the ongoing hack. The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners, but offered no other details. Britain's National Cyber Security Center said in a statement that it was aware of 'a limited number' of targets in the United Kingdom.
According to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers.
Those servers include major industrial firms, banks, auditors, healthcare companies, and several U.S. state-level and international government entities.
'The SharePoint incident appears to have created a broad level of compromise across a range of servers globally,' said Daniel Card of British cybersecurity consultancy, PwnDefend.
'Taking an assumed breach approach is wise, and it's also important to understand that just applying the patch isn't all that is required here.'
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
4 minutes ago
- Yahoo
Apple's Dating?App Fee Ruling Paused
Apple (NASDAQ:AAPL) gets a reprieve as the Netherlands regulator pauses its dating?app fee ruling. The ACM said it's holding off on a final decision about the fees Apple charges dating app providers while Brussels and Cupertino hammer out their own deal. Warning! GuruFocus has detected 7 Warning Sign with MSFT. Apple already tweaked its fee schedule and promises more adjustments later this year, so ACM wants to avoid duplicating discussions. It'll revisit the issue once there's clarityand aims to decide by April 1, 2026. Last month the Rotterdam court backed ACM's finding that Apple abused its market dominance with unfair App Store conditions dating back to August 2021, forcing earlier concessions. Why it matters: This pause buys Apple time to align global fee changes and could set a template for regulators worldwide. Investors will be watching for any hints from the EU?Apple talks and ACM's ruling ahead of spring 2026. This article first appeared on GuruFocus.
The Hill
5 minutes ago
- The Hill
Crypto lobby gains ground under Trump
At least 27 crypto companies or advocates filed their first-ever lobbying disclosures this year across some 20 firms, reflecting an increasing appetite for influence in a more crypto-friendly Washington. The newcomers originate from all corners of the industry. There's betting website Polymarket, a gaming company that created an NFT version of the White House Easter egg hunt, and a Seychelles-based exchange that cannot operate in the U.S. market due to a federal money laundering settlement. Together, they spent nearly $2.8 million between April 1 and June 30 on lobbying landmark legislation promoting digital assets to the Treasury Department and the Securities and Exchange Commission, and a host of other issues relevant to blockchain infrastructure — an increasingly sprawling ecosystem that some hope could one day be as ubiquitous as the internet. The push has paid off for crypto so far. The GENIUS Act, a bill with bipartisan support signed by President Trump last week, has been regarded as the government's 'seal of approval' on the industry. The law sets up a regulatory framework for stablecoins, a type of cryptocurrency that is theoretically pegged to the U.S. dollar or another reference asset. The House also advanced several other landmark bills during its monumental 'crypto week,' which featured high-profile lobbying stunts such as vending machines around the Capitol and the National Mall with customized chocolate bars urging 'yes' votes, bankrolled by the crypto exchange Coinbase. Lobbying expenses that week were not covered in the second quarter disclosures. At least 73 companies or associations focused on crypto disclosed federal lobbying activities, to the tune of about $11.4 million. This total doesn't include spending from investment firms such as Andreessen Horowitz ($790,000) or BlackRock ($810,000) that have substantial crypto interests but also lobbied on a suite of other financial regulation issues. The Hill's Miriam Waldvogel has more here.
Epoch Times
6 minutes ago
- Epoch Times
Lawmaker Questions Pentagon Over Chinese Engineers Tied to Microsoft Contract
Sen. Tom Cotton (R-Ark.) has requested details from the Pentagon regarding the extent of information shared with Chinese engineers involved in a Microsoft cloud services contract. Cotton, chairman of the Senate Select Committee on Intelligence, sent a letter to Defense Secretary Pete Hegseth dated July 24 requesting findings from an internal two-week review announced by the Pentagon chief on July 18.
