
Microsoft server hack likely single actor, thousands of firms now vulnerable, researchers say
Microsoft on Saturday issued an alert about "active attacks" on SharePoint servers used within organisations. It said that SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the exploit, also known as a "zero day" because it was previously unknown to cybersecurity researchers.
"Based on the consistency of the tradecraft seen across observed attacks, the campaign launched on Friday appears to be a single actor. However, it's possible that this will quickly change," said Rafe Pilling, Director of Threat Intelligence at Sophos, a British cybersecurity firm.
That tradecraft included the sending of the same digital payload to multiple targets, Pilling added.
Microsoft had "provided security updates and encourages customers to install them," a company spokesperson said in an emailed statement.
It was not clear who was behind the ongoing hack. The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners, but offered no other details. Britain's National Cyber Security Centre did not immediately respond to a request for comment.
The Washington Post said unidentified actors in the past few days had exploited a flaw to launch an attack that targeted U.S. and international agencies and businesses.
According to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers.
Those servers include major industrial firms, banks, auditors, healthcare companies, and several U.S. state-level and international government entities.
"The SharePoint incident appears to have created a broad level of compromise across a range of servers globally," said Daniel Card of British cybersecurity consultancy PwnDefend.
"Taking an assumed breach approach is wise, and it's also important to understand that just applying the patch isn't all that is required here."

Related Articles

Straits Times
Microsoft Singapore managing director Lee Hui Li dies while on sabbatical
SINGAPORE - Lee Hui Li, managing director of Microsoft Singapore, has died, shortly after going on sabbatical from her role in May. Her age could not be independently verified. An obituary seen by The Business Times stated that Ms Lee passed away on July 24. The wake will be held at the Church of St Ignatius on King's Road from July 25, with the funeral scheduled for July 28, the obituary read. 'Hui Li was a visionary leader whose impact on Microsoft and the broader technology landscape in Singapore was profound. Throughout her career, Hui Li was known not only for her strategic brilliance, but for her warmth, authenticity, and unwavering belief in the potential of others and of Singapore,' a Microsoft spokesperson told The Business Times. 'She mentored countless leaders, built inclusive teams, and inspired all of us to lead with purpose. We extend our heartfelt condolences to Hui Li's family, friends, and colleagues,' the spokesperson said. Ms Lee was appointed managing director of Microsoft Singapore in March 2022, according to her LinkedIn profile. She had announced a sabbatical in May, without disclosing a reason. She had shared on her LinkedIn page two months ago that she would be starting a new position.
Before taking on the top Singapore role, Ms Lee was general manager of Asia-Pacific enterprise commercial at Microsoft from July 2021 to March 2022, where she led regional sales and industry teams. Her career spanned 27 years and included senior roles at IBM, Symantec, Dell, HP and EY, according to her profile. Ms Lee was based in Singapore and held a degree in economics from the National University of Singapore. In a December 2024 interview with BT, Ms Lee outlined Microsoft's plans to accelerate artificial intelligence adoption in Singapore through customised, industry-specific solutions for large organisations. In a separate interview in April that year, she reflected on her experiences as a female, Asian leader in the male-dominated tech sector. She spoke of her commitment to building a workplace rooted in diversity and inclusivity, and to fostering an environment where differing perspectives are encouraged to challenge groupthink. THE BUSINESS TIMES


AsiaOne
Long-time tech executive and Microsoft Singapore managing director Lee Hui Li dies
Lee Hui Li, managing director of Microsoft Singapore, has died, shortly after going on sabbatical from her role in May. Her age could not be independently verified. An obituary seen by The Business Times stated that Lee passed away on Thursday (July 24). The wake will be held at the Church of St Ignatius on King's Road from Friday, with the funeral scheduled for Monday, the obituary read. "Hui Li was a visionary leader whose impact on Microsoft and the broader technology landscape in Singapore was profound. Throughout her career, Hui Li was known not only for her strategic brilliance, but for her warmth, authenticity, and unwavering belief in the potential of others and of Singapore," a Microsoft spokesperson told BT. "She mentored countless leaders, built inclusive teams, and inspired all of us to lead with purpose. We extend our heartfelt condolences to Hui Li's family, friends, and colleagues," the spokesperson said. Lee was appointed managing director of Microsoft Singapore in March 2022, according to her LinkedIn profile. She had announced a sabbatical in May, without disclosing a reason. Before taking on the top Singapore role, Lee was general manager of Asia-Pacific enterprise commercial at Microsoft from July 2021 to March 2022, where she led regional sales and industry teams. Her career spanned 27 years and included senior roles at IBM, Symantec, Dell, HP and EY, according to her profile. Lee was based in Singapore and held a degree in economics from the National University of Singapore. In a December 2024 interview with BT, Lee outlined Microsoft's plans to accelerate artificial intelligence adoption in Singapore through customised, industry-specific solutions for large organisations. In a separate interview in April that year, she reflected on her experiences as a female, Asian leader in the male-dominated tech sector. 
She spoke of her commitment to building a workplace rooted in diversity and inclusivity, and to fostering an environment where differing perspectives are encouraged to challenge groupthink. This article was first published in The Business Times. Permission required for reproduction.


Asia News Network
Indonesia-US trade deal possible threat to data sovereignty
July 25, 2025 JAKARTA – A trade agreement between Indonesia and the United States set to include provisions on personal data transfers has raised alarms about the potential undermining of Indonesia's data sovereignty. According to a joint statement on the framework for the prospective settlement published on the White House website on Tuesday, Jakarta agreed to provide certainty regarding personal data transfers from Indonesia to the US and eliminate tariffs on intangible products by recognizing the US as having 'adequate' data protection. Communication and Digital Minister Meutya Hafid wrote in a statement on Thursday that the negotiation was still ongoing, as previously conveyed by President Prabowo Subianto. She added that the agreement could serve as a legal basis for protecting the personal data of Indonesian citizens when using digital services provided by US-based companies, such as search engines, social media, cloud services and e-commerce. 'The government will ensure that data transfer to the US will not be carried out carelessly. On the contrary, the whole process will be conducted within a secure and reliable data governance framework,' Meutya noted, adding that the transfer would be carried out under 'tight supervision of the Indonesian authorities, with high caution, based on the national law.' On the same day, Coordinating Economy Minister Airlangga Hartarto said at a press conference that Jakarta had agreed to establish a secure protocol for managing cross-border data flows with the US, without elaborating. 'Cross-border [services] are not limited to the US and include other countries,' he noted, adding that Indonesia had prepared a range of such protocols, including one implemented in the Nongsa Digital Park special economic zone (SEZ) in Batam, Riau Islands. Airlangga added that 12 US tech companies, including Amazon Web Services (AWS), Microsoft and Google Cloud, have complied with national regulations by building data centers in Indonesia.
Digital advocacy groups, however, have raised concerns over the agreement's potential threat to domestic data rights and privacy, as well as compromised control over the country's digital infrastructure. Hendra Suryakusuma, chairman of the Indonesian Data Center Providers Organization (IDPRO), warned that allowing personal data generated in Indonesia to be transferred and analyzed in the US could undermine Indonesia's digital sovereignty. 'We are at risk of losing our data control, whether it's strategic, personal or open data. This may also lead to the potential of increased digital dependency,' Hendra told The Jakarta Post on Thursday. He added that the local data centers could end up functioning only as 'edge computing' or 'hybrid cloud generators', roles in which they would no longer serve as the main site for data processing. This might cause prospective industry players to rethink their entry into Indonesia's market, hindering investment, he said, noting that global tech firms that had planned to invest billions of dollars in data centers in the country might divert their investment to the US. Domestic data center operators, internet service providers and state-owned power monopolist PLN could also miss out on significant revenue potential driven by demand for data storage and processing, which consumes large amounts of electricity. Hendra also pointed out that the agreement could obscure legal boundaries outlined in the Personal Data Protection (PDP) Law, which requires electronic system operators, particularly those in critical sectors like education, banking and health care, to implement strong, onshore data protection measures. 'The personal data of Indonesian citizens is a strategic [resource]. If we say that data is the new oil, then it must be generated and processed domestically to become our asset,' he said. 
Hendra urged the government to conduct a comprehensive assessment, preventing the cross-border data agreement from resulting in overdependence and diminished control, worsening already weak data security in the country, marked by breaches reported in the past few years. The Institute for Policy Research and Advocacy for Society (Elsam) has also voiced concern over potential drawbacks of the deal and serious threats to Indonesia's digital ecosystem. In a press release published on Wednesday, Elsam described the digital trade deal as 'unfair', arguing that the agreement favored interests of US-based data storage companies over the protection of personal data. It also highlighted the potential threat of mass surveillance of Indonesian citizens by US authorities, as well as risks from cross-border data flows, given that the Indonesian government has yet to establish a personal data protection body to oversee such practices. 'The absence of this institution, alongside fragmented cross-sectoral regulations, has led to weak oversight of the protection of personal data transferred overseas. This includes an increased risk of data leaks, misuse and violations of privacy rights,' reads the press release. Pratama Persadha, who chairs the cybersecurity watchdog Communication and Information System Security Research Center (CISSReC), said the agreement could help accelerate the establishment of an independent institution overseeing data protection. However, he added that Indonesia should not overlook the looming risks from the free flow of personal data. Controlled data management is directly linked to the added value of the digital economy, he explained, describing personal data and digital behavior as 'essential raw materials' for the development of artificial intelligence, algorithm-based services and technological innovation. 
'If not managed properly, our data will only serve as a commodity exploited by foreign entities to build products and services that are then sold back to the Indonesian market,' he wrote in a statement on Thursday. Indonesia should pursue a bilateral agreement to protect its digital rights, he suggested, adding that the country should also strengthen its digital infrastructure, research and the development of local digital talent to maintain technological independence.