Microsoft server hack hit about 100 organizations, researchers say
Microsoft on Saturday issued an alert about "active attacks" on self-hosted SharePoint servers, which are widely used by organizations to share documents and collaborate within organizations. SharePoint instances run off of Microsoft servers were unaffected.
Dubbed a "zero-day" because it leverages a previously undisclosed digital weakness, the hacks allow spies to penetrate vulnerable servers and potentially drop a backdoor to secure continuous access to victim organizations.
Vaisha Bernard, the chief hacker at Eye Security, a Netherlands-based cybersecurity firm, which discovered the hacking campaign targeting one of its clients on Friday, said that an internet scan carried out with the Shadowserver Foundation had uncovered nearly 100 victims altogether - and that was before the technique behind the hack was widely known.
"It's unambiguous," Bernard said. "Who knows what other adversaries have done since to place other backdoors."
He declined to identify the affected organizations, saying that the relevant national authorities had been notified.
The Shadowserver Foundation confirmed the 100 figure. It said most of those affected were in the United States and Germany, and the victims included government organizations.
Another researcher said that, so far, the spying appeared to be the work of a single hacker or set of hackers.
"It's possible that this will quickly change," said Rafe Pilling, director of Threat Intelligence at Sophos, a British cybersecurity firm.
Microsoft said it had "provided security updates and encourages customers to install them," a company spokesperson said in an emailed statement.
It was not clear who was behind the ongoing hack, but Alphabet's Google, which has visibility into wide swaths of internet traffic, said it tied at least some of the hacks to a "China-nexus threat actor."
The Chinese Embassy in Washington didn't immediately respond to a message seeking comment; Beijing routinely denies carrying out hacking operations.
The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners, but offered no other details. Britain's National Cyber Security Center said in a statement that it was aware of "a limited number" of targets in the United Kingdom. A researcher tracking the campaign said that the campaign appeared initially aimed at a narrow set of government-related organizations.
The pool of potential targets remains vast. According to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers. Shadowserver put the number at a little more than 9,000, while cautioning that the figure was a minimum.
Those servers include major industrial firms, banks, auditors, healthcare companies, and several U.S. state-level and international government entities.
"The SharePoint incident appears to have created a broad level of compromise across a range of servers globally," said Daniel Card of British cybersecurity consultancy PwnDefend.
"Taking an assumed breach approach is wise, and it's also important to understand that just applying the patch isn't all that is required here." (Reporting by James Pearson and Raphael Satter; Editing by Nick Zieminski, Marguerita Choy and Leslie Adler)
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
UAE Moments
2 hours ago
- UAE Moments
CPB to Shut Down Post-Funding Cuts, Impacting Public Media
Corporation for Public Broadcasting to Close Operations Amid Federal Funding Cuts The Corporation for Public Broadcasting (CPB), a pivotal supporter of NPR and PBS funding, announced significant changes after the loss of federal funding authorized by President Trump's administration. The nonprofit organization, responsible for channeling federal money to public media stations across the United States, confirmed it would wind down operations by September 30, 2025. Major Cuts Approved by Congress The decision to cease CPB operations follows a largely party-line vote approving a $9 billion rescission package requested by the White House. This package included $1.1 billion in cuts to public broadcasting through fiscal year 2027. Despite hopes among public media officials for funding restoration, the Senate Appropriations Committee declined to reconsider the allocation. Patricia de Stacy Harrison, President and CEO of CPB, expressed deep regret, stating, 'Despite the extraordinary efforts of millions of Americans who called, wrote, and petitioned Congress to preserve federal funding for CPB, we now face the difficult reality of closing our operations. CPB remains committed to fulfilling responsibilities and supporting our partners through this transition with transparency and care.' Impact on Public Media Stations CPB plays an essential role in supporting public media nationwide. It provides critical funding for programming, educational initiatives, emergency alert systems, and cultural services vital to many communities. However, the consequences of its impending closure are already reverberating through the public media landscape: Many local stations, such as WQED in Pittsburgh, have begun laying off staff. WQED recently announced a 35% workforce reduction as a response to the cuts. Stations in cities like Nashville, Louisville, and Seattle are experiencing a surge in donations as communities rally to preserve local services. CPB confirmed most staff positions within the organization will be eliminated by the fiscal year-end. A small team will remain temporarily to oversee compliance, fiscal distributions, and long-term financial obligations. 'I didn't really see a day where this separate institution, which is set up to serve the public, would be shut down,' shared Tim Bruno, general manager of Radio Catskill, an NPR affiliate in upstate New York. Federal Funding and Public Media Operations NPR and PBS rely on federal funding in varying degrees. NPR's direct federal funding constitutes only a small portion of its budget, but its member stations — particularly those serving rural and underserved areas — depend significantly on CPB grants for their operating revenue. On average, PBS and its member stations derive 15% of their revenue from federal allocations, which support essential programs like PBS News Hour and children's programming such as 'Daniel Tiger's Neighborhood.' Public media advocates fear the broader implications of CPB's closure. Katherine Maher, President and CEO of NPR, emphasized its ripple effects, stating, 'The ripple effects of this closure will be felt across every public media organization and, more importantly, in every community across the country that relies on public broadcasting.' NPR has pledged to allocate $8 million from its budget to assist local stations facing financial crises. Public Broadcasting Under Political Scrutiny The funding cuts reflect longstanding criticism of public media by some conservatives, including allegations of bias and mismanagement of taxpayer money. NPR and PBS strongly deny these accusations, defending their commitment to fair and independent journalism. Nevertheless, public sentiment largely favors preserving federal support for public broadcasting. A Harris Poll conducted last month revealed broad support for public media among Americans. Approximately 66% of respondents supported federal funding for public radio, with bipartisan backing — 58% of Republicans and 77% of Democrats agreed that public broadcasting is a good value for taxpayers. Public Reaction and Efforts to Adapt As federal funding diminishes, public media organizations are working to adapt and maintain services. NPR has vowed to strengthen efforts supporting locally owned and nonprofit radio stations. Additionally, it seeks to uphold high standards in independent journalism and cultural programming to serve the nation's diverse communities.
The National
7 hours ago
- The National
Trump sacks Labour Department official as warning signals flash in US jobs market
President Donald Trump lashed out at officials on Friday, saying Commissioner of Labour Statistics Erika McEntarfer would be fired, as a US jobs report put employment growth at a much lower level than expected. The Labour Department's employment report for July showed employers added 73,000 jobs, and revisions for May and June suggest hiring was weaker in those two months than thought. Mr Trump renewed his attack on Fed chairman Jerome Powell l, calling him a 'stubborn moron' after the Fed on Wednesday paused the cutting of interest rates. He then said the Ms McEntarfer, would be fired. He said she had "faked" jobs numbers under the Biden administration in an attempt to give presidential candidate Kamala Harris a boost. He also urged the Federal Reserve board to assume control if Mr Powell continues to refuse to lower interest rates. 'Too Little, Too Late. Jerome 'Too Late Powell is a disaster. DROP THE RATE! The good news is that Tariffs are bringing Billions of Dollars into the USA!' Mr Trump wrote on Truth Social. Economists polled by Reuters had thought July's jobs number would be 110,000. The unemployment rate ticked up to 4.2 per cent. Brian Jacobsen, chief economist at Annex Wealth Management, said Mr Powell might have lowered interest rates on Wednesday if he 'knew then what he knows now'. 'There's no way to pretty-up this report. Previous months were revised significantly lower where the labour market has been on stall-speed,' he said, predicting a rate cut at the next Fed meeting. The unexpectedly weak report raises questions about the health of the job market and the economy amid Mr Trump's radical efforts to reshape US trade policy. Late on Thursday, he unveiled hefty tariffs on imports from around the world. 'President Trump is using tariffs as a necessary and powerful tool to put America first after many years of unsustainable trade deficits that threaten our economy and national security,' the White House said. Also weighing on the economy is an anticipated drop in foreign workers as Mr Trump pushes ahead with efforts to deport immigrants who do not have authorisation, although he has suggested farmers and hoteliers might be spared wholesale round-ups of their staff. Wells Fargo economists called July's job report a "dud" and forecast interest rate cuts of 0.25 per cent in September, October and November.
The National
a day ago
- The National
AI chip smuggling 'gets more airtime than it should', White House official says
The idea of high-performance AI chips being smuggled into potentially nefarious hands gets more attention than it should, a White House official has said. Michael Kratsios, who serves as director for the Trump administration's Office of Science and Technology Policy, said on Wednesday that there are a lot of misconceptions and misguided fears about the 'physical diffusion' of artificial intelligence technology developed by the US. 'We're not talking about like a bag of diamonds or something,' he said during a discussion at the Centre for Strategic and International Studies think tank about Mr Trump's recently announced AI Action Plan. Some politicians have expressed concerns about the potential for recently announced US AI partnerships overseas to be exploited by countries like China to try to acquire powerful American-made technology. 'These are like massive racks that are tonnes in weight and you're not going to put it on a forklift or back it into a truck, or something," he explained, adding that the idea of chip smuggling "probably gets more airtime than it should." Mr Kratsios also said the hypothetical scenario of the US partnerships with other countries leading to the misuse of data centres by countries like China for 'training runs' to access the centres was overblown. 'What you're most worried about is large-scale runs that are for training sophisticated models and those are actually pretty easy to flag,' he said, adding that the US will make sure to implement what's known in IT circles as Know Your Customer policies to prevent bad actors from gaining access to data centres powered by US technology. Mr Kratsios said that Mr Trump's predecessor, Joe Biden, put too many chip export restrictions on allies, and that the export of US technology to countries with peaceful AI aspirations was critical to an overall AI strategy. During Mr Trump's visit to the Gulf in May, he announced the US-UAE AI Acceleration Partnership framework that will eventually lead to the construction of a 5GW UAE-US AI Campus in Abu Dhabi. 'The [Biden administration] limits made no sense at all,' he said, referring to President Biden's policies aimed at limiting the powerful CPUs and GPUs available to certain countries. Those policies were largely aimed at preventing the diffusion of US technology to China. It proved controversial, with companies like Microsoft and Nvidia claiming the policies hurt US efforts more than helping. Some US AI companies like Anthropic, however, have sought to keep the export controls. 'In some cases, smugglers have employed creative methods to circumvent export controls, including hiding processors in prosthetic baby bumps and packing GPUs [graphics processing units] alongside live lobsters,' read an April policy letter from Anthropic. That letter later came under criticism over what some called the oversimplification of how AI data centres work. Regardless, in keeping with that theme of reversing the Biden export policy, the Trump White House recently announced plans that would allow for Nvidia to resume sales of its H20 graphics processing unit to China. That decision, however, has come under criticism from several technology analysts and politicians. A group of Democratic senators this week sent a letter to Commerce Secretary Howard Lutnick urging him to reverse course. At the CSIS event, Mr Kratsios said the concerns from Democratic senators were oversimplified, adding that the H20 was designed to comply with US concerns about giving China too much computing power, among other things. 'It's not a free-for-all sale,' he said, referring to White House's H20 announcement. 'Any sale that Nvidia wants to make to China is one that's going to require an export licence.' Mr Kratsios added that the Commerce Department's Bureau of Industry and Security would be evaluating each of those licence applications and 'weight the costs' before giving Nvidia approval.
