Microsoft cyberattack hits 100 organisations, security firms say
Two of the organisations that helped uncover the attack announced their findings on Monday.
On Saturday, Microsoft issued an alert about 'active attacks' on self-hosted SharePoint servers, which are widely used by organisations to share documents and collaborate within others. SharePoint instances run off of Microsoft servers were unaffected.
Dubbed a 'zero-day' because it leverages a previously undisclosed digital weakness, the hacks allow spies to penetrate vulnerable servers and potentially drop a backdoor to secure continuous access to victim organisations.
Vaisha Bernard, the chief hacker at Eye Security, a Netherlands-based cybersecurity firm which discovered the hacking campaign targeting one of its clients on Friday, said that an internet scan carried out with the Shadowserver Foundation had uncovered nearly 100 victims altogether – and that was before the technique behind the hack was widely known.
'It's unambiguous,' Bernard said. 'Who knows what other adversaries have done since to place other backdoors.'
He declined to identify the affected organisations, saying that the relevant national authorities had been notified.
The Shadowserver Foundation confirmed the 100 figure and said that most of those affected were in the United States and Germany and that the victims included government organisations.
Another researcher said that, so far, the spying appeared to be the work of a single hacker or set of hackers.
'It's possible that this will quickly change,' said Rafe Pilling, director of threat intelligence at Sophos, a British cybersecurity firm.
A Microsoft spokesperson said in an emailed statement that it had 'provided security updates and encourages customers to install them'.
It was not clear who was behind the ongoing hack. The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners, but offered no other details. Britain's National Cyber Security Centre said in a statement that it was aware of 'a limited number' of targets in the United Kingdom. A researcher tracking the hacks said that the campaign appeared initially aimed at a narrow set of government-related organisations.
Potential targets
The pool of potential targets remains vast. According to data from Shodan, a search engine that helps to identify internet-linked equipment, more than 8,000 servers online could theoretically have already been compromised by hackers.
Those servers include major industrial firms, banks, auditors, healthcare companies and several US state-level and international government entities.
'The SharePoint incident appears to have created a broad level of compromise across a range of servers globally,' said Daniel Card of British cybersecurity consultancy, PwnDefend.
'Taking an assumed breach approach is wise, and it's also important to understand that just applying the patch isn't all that is required here.'
On Wall Street, Microsoft's stock is about even with the market open as of 3pm in New York (19:00 GMT), up by only 0.06 percent, and has gone up more than 1.5 percent over the last five days of trading.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Al Jazeera
10 hours ago
- Al Jazeera
Why Trump's attacks on Jerome Powell are raising fears for the US economy
United States President Donald Trump has spent months attacking US Federal Reserve chairman Jerome Powell for not moving faster to lower interest rates. While Trump is not the first president to clash with the head of the US central bank on monetary policy, he has gone further than his predecessor by threatening to fire Powell and pressuring him to resign. Trump's barbs have raised concerns about the prospect of the Fed losing its independence, which would have serious ramifications for the US economy. What has Trump said about Powell? Trump's main gripe with Powell has been the Fed's decision to keep its benchmark interest rate in the range of 4.25 to 4.50 percent. The US central bank has resisted calls to lower the rate, which would spur economic growth by reducing borrowing costs across the economy, to keep a lid on inflation. While inflation remains modest at present, Powell and his colleagues fear that prices could rise significantly in the coming weeks and months due to Trump's tariffs. Trump has argued that the rate should be as low as 1 percent. Trump has been at odds with Powell since his first term, when he nominated him to the top job, but the president began ramping up his attacks in April, when he branded the monetary policy chief 'a major loser' and 'numbskull' whose 'termination cannot come fast enough'. Since then, Trump has made conflicting remarks about whether he intends to fire Powell, and last week asked a group of Republican lawmakers for their opinion on the matter. While Trump continues to blast Powell on social media, other top White House officials have joined the condemnation. Earlier this month, Office of Management and Budget Director Russell Vought accused Powell of mishandling the 'ostentatious' $2.5bn refurbishment of the Fed's headquarters in Washington, DC. On Tuesday, US Treasury Secretary Scott Bessent accused the Fed of 'persistent mandate creep into areas beyond its core mission' and called for a review of the renovation project. Today in a CNBC interview, I called for a review of the Federal Reserve. It is my belief that the central bank should conduct an exhaustive internal review of its non-monetary policy operations. Significant mission creep and institutional growth have taken the Fed into areas that… — Treasury Secretary Scott Bessent (@SecScottBessent) July 21, 2025 Does Trump have the power to remove Powell? The Fed chair is harder to remove than the heads of other independent government agencies. Under the Federal Reserve Act of 1913, the president may remove the head of the central bank 'for cause' – widely interpreted to mean proof of corruption or malfeasance. A landmark 1935 Supreme Court ruling further insulated the Fed from political pressure by explicitly stating that the heads of independent agencies cannot be removed without cause. David Wilcox, a senior fellow at the Peterson Institute for International Economics who served on the staff of the Federal Reserve Board, said the Trump Administration appeared to be zoning in on the Fed's renovation project to create a pretext to fire Powell. 'The way they're doing that is they're drumming up a lot of controversy around the expenses that have been incurred and will be incurred in the renovation of two of the historic buildings,' Wilcox told Al Jazeera. 'The drumbeat of criticism seems to be that Powell allegedly has mishandled this situation, and concern is that this very small-scale situation might be somehow blown up into an excuse for firing Powell 'for cause'.' Is there any precedent for Trump's campaign against Powell? In the late 1960s and early 1970s, presidents Lyndon B Johnson and Richard Nixon – a Democrat and a Republican – both famously exerted pressure on the Fed chair to keep interest rates low. Some historians have theorised that Nixon's cajoling of then-Fed chair Arthur Burns stopped him from rolling out rate hikes that could have halted the emergence of double-digit inflation in the mid-1970s. 'What does compromising central bank independence do? It runs the possibility of giving some kind of short-term gain for long-term pain,' Mark Spindel, the CIO of Potomac River Capital and a Federal Reserve historian, told Al Jazeera. 'And politicians have short memories.' How will markets react if Powell is removed? Suggestions that Trump could remove Powell have roiled markets on several occasions. On Wednesday, the benchmark US S&P 500 briefly fell by 0.7 percent, and the US dollar sank 0.9 percent, following reports that Trump had asked Republican lawmakers whether he should fire the Fed chair. Stocks recovered a short time later after Trump denied that he had any plans to remove Powell, the latest example of what investors have dubbed the 'TACO Trade' – short for 'Trump Always Chickens Out'. If Trump were to follow through on his threat to remove Powell, the stock market and confidence in the US economy would take a major hit, Wilcox said. 'It would probably be reflected in an increase in the expected inflation that's built into borrowing rates. It would be reflected in an increase in the risk premiums that are built into long-term Treasury rates,' he added. 'It would probably be reflected in a weakening of the US dollar because of a loss in confidence that would follow from the knocking down of yet one more signature aspect [of the economy] that has been taken for granted for many decades.' Why might Trump not want to fire Powell? Fed historian Spindel said Trump may ultimately decide to keep Powell despite his threats. The Fed chairman's term expires in May next year, Spindel said, and, until then, Trump can use Powell as a scapegoat for any problems with the economy. As a businessman, Trump also considers the stock market an important barometer of success, Spindel added. 'The market is an important governor on his policies,' he said. 'He has a large constituency in the corporate sector. He obviously enjoys support from the middle and upper wealthy class, and he doesn't want to torpedo the equity market.'
Al Jazeera
16 hours ago
- Al Jazeera
US government employee barred from leaving China, Washington says
A United States government employee has been prevented from leaving China after visiting the country for personal reasons, Washington has said. The employee of the US Patent and Trademark Office, an agency within the US Department of Commerce, was subject to an 'exit ban' while travelling in China in a 'personal capacity', the US Department of State said on Monday. 'The Department of State has no higher priority than the safety and security of American citizens,' a State Department spokesperson said in a statement. 'We are tracking this case very closely and are engaged with Chinese officials to resolve the situation as quickly as possible.' The statement comes after The Washington Post on Sunday reported that a Chinese-American man employed by the US Commerce Department was barred from leaving China after failing to disclose his work for the government on a visa application. The report, which cited four unnamed people familiar with the matter, said the employee had travelled to China several months ago to visit family. The Hong Kong-based South China Morning Post on Sunday reported that the man, a naturalised US citizen, was detained in Chengdu, Sichuan, in April over 'actions Beijing deemed harmful to national security'. The Post's report cited an unnamed 'source familiar with the matter'. The Chinese Embassy in Washington, DC, referred Al Jazeera to remarks made by the Chinese Ministry of Foreign Affairs spokesperson, Guo Jiakun, on Monday, in which he said he had 'no details to share' on the case. 'China upholds the rule of law and handles entry and exit affairs in accordance with the law,' Guo said at a regular media briefing. Washington's confirmation of the exit ban comes after Beijing on Monday said it had blocked the departure of a US citizen employed by the banking giant Wells Fargo. China's Foreign Ministry said that Chenyue Mao, an Atlanta-based managing director, was subject to an exit ban due to her involvement in an unspecified criminal case. Washington and Beijing have long traded accusations of espionage and meddling in each other's domestic affairs. On Monday, the US Department of Justice said that a Chinese-born US researcher had pleaded guilty to stealing trade secrets, including blueprints for infrared sensors designed to detect nuclear missile launches and track ballistic missiles. Prosecutors said Chenguang Gong, a dual US-Chinese citizen, transferred more than 3,600 company files to his personal storage devices during his employment with a Los Angeles-based research and development firm. Before taking up work with the company, Gong had travelled to China several times to seek funding to develop technology with military applications, prosecutors said.
Qatar Tribune
a day ago
- Qatar Tribune
Notre Dame in Paris to be mapped digitally by Microsoft
DPA Paris Notre Dame Cathedral in Paris is to be digitally mapped by US tech giant Microsoft, with every detail of its Gothic sculptures captured. The project is expected to take at least a year and cost several million dollars, Microsoft President Brad Smith told magazine Le Point on Monday. Following the example of previous digitalization projects, such as St Peter's Basilica in Rome, the cathedral will be captured using high-precision technology to ensure it is digitally preserved for future generations. The Parisian landmark reopened its doors in December after a devastating fire in April 2019 and years of renovation work. Smith, who is in the French capital, also announced that around 1,500 historical stage set models from the Paris Opera are to be digitized in collaboration with the French Ministry of Culture.
