
Cyberattack hits Microsoft servers, threatens thousands of global organizations
The Windows developer acknowledged the flaw in a statement and released a new security update to curb active attacks on on-premises servers, confirming that additional updates are in development.
The US Cybersecurity and Infrastructure Security Agency (CISA) explained that the loophole allows attackers to execute code and access file systems and internal settings, according to Bloomberg.
Cybersecurity firm Censys reported that more than 10,000 organizations using SharePoint servers are at risk, most of them based in the United States, followed by the Netherlands, the United Kingdom, and Canada.
Palo Alto Networks warned that the attacks are real and pose a serious threat. Reports from outlets such as The Washington Post confirmed the breach has affected US federal and government agencies, universities, energy companies, and a telecom firm in Asia.
This incident adds to a growing series of cyber intrusions targeting Microsoft systems. Back in March, the company warned that Chinese hackers were exploiting remote management tools and cloud applications to spy on institutions inside the US and abroad.

Related Articles


Arab News
39 minutes ago
Risk highlighted as Chinese hackers hit Microsoft
PARIS: Software giant Microsoft is at the center of a cybersecurity storm after China-linked hackers exploited flaws in SharePoint servers to target hundreds of organizations. While such cyberattacks are not new, the scale of the onslaught and the speed with which the hackers took advantage of freshly discovered vulnerabilities is fueling concern. Dutch startup Eye Security warned Saturday of online attacks targeting SharePoint file-sharing servers, with Microsoft quick to confirm the report and release patches to protect systems. The vulnerability allowed hackers to retrieve credentials and then access SharePoint servers kept at users' facilities, according to Microsoft. Cloud-based SharePoint software was safe from the problem, the company said. Eye Security determined that more than 400 computer systems were compromised by hackers during waves of attacks. Targets included government organizations in Europe, the Middle East and the United States — among them the US nuclear weapons agency, media reports indicated. 'On-premises SharePoint deployments — particularly within government, schools, health care and large enterprise companies — are at immediate risk,' cybersecurity firm Palo Alto Networks warned in a note. Microsoft has not disclosed the number of victims in the attacks. SharePoint had more than 200 million active users as of 2020, according to the most recent figures available from Microsoft. Microsoft has attributed the cyberattacks to groups backed by China. The culprits are believed to include Chinese state actors known as Linen Typhoon and Violet Typhoon along with a group called Storm-2603 which 'is considered with moderate confidence to be a threat actor based in China.' The Typhoon groups have been active for a decade or more, and are known for intellectual property theft as well as espionage, according to Microsoft. Less was known about Storm-2603 and its motives.
'Investigations into other actors also using these exploits are ongoing,' Microsoft said, urging users to patch SharePoint servers to avoid becoming hacking victims. Cybersecurity specialist Damien Bancal noted in a recent blog post that he found 'ready-to-use exploit code' for the vulnerability at a popular website. The assault on SharePoint servers is the latest in a series of sophisticated attacks carried out by state-sponsored groups against 'the Microsoft ecosystem,' according to Bancal. In 2021, attacks by a Chinese hacker group known as Silk Typhoon compromised tens of thousands of email servers using Microsoft Exchange software. Microsoft's success at making its software commonplace in offices and homes also makes it a prime target for hackers out to steal money or information. Microsoft software can hold sensitive and valuable information. 'It's not Microsoft that is being targeted, it's its customers,' said Shane Barney, head of information security at US-based Keeper. Targeting Microsoft programs is a means to an end, and tomorrow it could be software from another company, said Rodrigue Le Bayon, head of the Orange Cyberdefense computer emergency response team. China is not the only nation backing hacker operations as countries around the world hone cyber capabilities, according to Le Bayon. Nevertheless, China is repeatedly singled out by companies and governments hit by hacks. Western countries have accused hacker groups allegedly supported by China of conducting a global cyber espionage campaign against figures critical of Beijing, democratic institutions, and companies in various sensitive sectors.

Al Arabiya
13 hours ago
Trump says he wants Musk and his companies to thrive in US
President Donald Trump said on Thursday he would not destroy Elon Musk's companies by taking away federal subsidies and said he wants the billionaire tech-entrepreneur's businesses to thrive. 'Everyone is stating that I will destroy Elon's companies by taking away some, if not all, of the large scale subsidies he receives from the US Government. This is not so!' Trump said in a social media post. 'I want Elon, and all businesses within our Country, to THRIVE.' The statement follows Musk's warning to Tesla investors on Wednesday that US government cuts in support for electric vehicle makers could lead to a 'few rough quarters' for the company. Musk spent more than a quarter of a billion dollars to help Trump win November's presidential election and led the Department of Government Efficiency's chaotic effort to slash the budget and cut the federal workforce. The Tesla CEO left the administration in late May to refocus on his tech empire. Trump and Musk fell out shortly afterward when Musk openly denounced the Republican president's tax-cut and spending bill, leading to threats by Trump to cancel billions of dollars worth of federal government contracts with Musk's companies.

Al Arabiya
a day ago
Microsoft says some SharePoint server hackers now using ransomware
A cyber-espionage campaign centered on vulnerable versions of Microsoft's server software now involves the deployment of ransomware, Microsoft said in a late Wednesday blog post. In the post, citing 'expanded analysis and threat intelligence,' Microsoft said a group it dubs 'Storm-2603' is using the vulnerability to seed the ransomware, which typically works by paralyzing victims' networks until a digital currency payment is made. The disclosure marks a potential escalation in the campaign, which has already hit at least 400 victims, according to Netherlands-based cybersecurity firm Eye Security. Unlike typical state-backed hacker campaigns, which are aimed at stealing data, ransomware can cause widespread disruption depending on where it lands. The figure of 400 victims represents a sharp rise from the 100 organizations cataloged over the weekend. Eye Security says the figure is likely an undercount. 'There are many more, because not all attack vectors have left artifacts that we could scan for,' said Vaisha Bernard, the chief hacker for Eye Security, which was among the first organizations to flag the breaches. The details of most of the victim organizations have not yet been fully disclosed, but on Wednesday a representative for the National Institutes of Health confirmed that one of the organization's servers had been compromised. 'Additional servers were isolated as a precaution,' he said. The news of the compromise was first reported by the Washington Post. Other outlets said the hacking campaign had breached an even broader range of US agencies. NextGov, citing multiple people familiar with the matter, reported the Department of Homeland Security had been hit, along with more than five to 12 other agencies. Politico, which cited two US officials, said multiple agencies were believed to have been breached. DHS' cyberdefense arm, CISA, did not immediately return a message seeking comment on the reports. 
Microsoft did not immediately return a message seeking further details on the ransomware angle of the hacking or the reported government victims. The spy campaign began after Microsoft failed to fully patch a security hole in its SharePoint server software, kicking off a scramble to fix the vulnerability when it was discovered. Microsoft and its tech rival, Google-owner Alphabet, have both said Chinese hackers are among those taking advantage of the flaw. Beijing has denied the claim.