Latest news with #Shodan


NDTV
21 hours ago
- Business
- NDTV
Microsoft Server Hack Likely Single Actor, Over 8,000 Firms Hit
A global attack on Microsoft server software used by thousands of government agencies and businesses to share documents within organisations is likely the work of a single actor, a cybersecurity researcher said on Monday. Microsoft on Saturday issued an alert about "active attacks" on SharePoint servers used within organisations. It said that SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the exploit, also known as a "zero day" because it was previously unknown to cybersecurity researchers. "Based on the consistency of the tradecraft seen across observed attacks, the campaign launched on Friday appears to be a single actor. However, it's possible that this will quickly change," said Rafe Pilling, Director of Threat Intelligence at Sophos, a British cybersecurity firm. That tradecraft included the sending of the same digital payload to multiple targets, Pilling added. Microsoft said it had "provided security updates and encourages customers to install them," a company spokesperson said in an emailed statement. It was not clear who was behind the ongoing hack. The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners, but offered no other details. Britain's National Cyber Security Centre did not immediately respond to a request for comment. The Washington Post said unidentified actors in the past few days had exploited a flaw to launch an attack that targeted US and international agencies and businesses. According to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers. Those servers include major industrial firms, banks, auditors, healthcare companies, and several US state-level and international government entities.
"The SharePoint incident appears to have created a broad level of compromise across a range of servers globally," said Daniel Card of British cybersecurity consultancy, PwnDefend. "Taking an assumed breach approach is wise, and it's also important to understand that just applying the patch isn't all that is required here."


Al Etihad
3 days ago
- Business
- Al Etihad
Microsoft server hack hit about 100 organisations, researchers say
21 July 2025 22:36 WASHINGTON/LONDON (REUTERS) A sweeping cyber espionage operation targeting Microsoft server software compromised about 100 different organisations as of the weekend, two of the organisations that helped uncover the campaign said on Monday. Microsoft on Saturday issued an alert about "active attacks" on self-hosted SharePoint servers, which are widely used by organisations to share documents and collaborate within organisations. SharePoint instances run off of Microsoft servers were unaffected. Dubbed a "zero-day" because it leverages a previously undisclosed digital weakness, the hacks allow spies to penetrate vulnerable servers and potentially drop a backdoor to secure continuous access to victim organisations. Vaisha Bernard, the chief hacker at Eye Security, a Netherlands-based cybersecurity firm, which discovered the hacking campaign targeting one of its clients on Friday, said that an internet scan carried out with the Shadowserver Foundation had uncovered nearly 100 victims altogether - and that was before the technique behind the hack was widely known. "It's unambiguous," Bernard said. "Who knows what other adversaries have done since to place other backdoors." He declined to identify the affected organisations, saying that the relevant national authorities had been notified. The Shadowserver Foundation confirmed the 100 figure and said that most of those affected were in the United States and Germany, and that the victims included government organisations. Another researcher said that, so far, the spying appeared to be the work of a single hacker or set of hackers. Microsoft said it had "provided security updates and encourages customers to install them," a company spokesperson said in an emailed statement. It was not clear who was behind the ongoing hack. The pool of potential targets remains vast. According to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers.
Those servers include major industrial firms, banks, auditors, healthcare companies, and several US state-level and international government entities.


West Australian
3 days ago
- Business
- West Australian
Microsoft server hack hit 100 organisations: analysts
A sweeping cyber espionage operation targeting Microsoft server software has compromised about 100 different organisations, two of the groups that helped uncover the campaign say. Microsoft on Saturday issued an alert about "active attacks" on self-hosted SharePoint servers, which are widely used by organisations to share documents and collaborate within organisations. SharePoint instances run off of Microsoft servers were unaffected. Dubbed a "zero-day" because it leverages a previously undisclosed digital weakness, the hacks allow spies to penetrate vulnerable servers and potentially drop a backdoor to secure continuous access to victim organisations. Vaisha Bernard, the chief hacker at Eye Security, a Netherlands-based cybersecurity firm, which discovered the hacking campaign targeting one of its clients on Friday, said that an internet scan carried out with the Shadowserver Foundation had uncovered nearly 100 victims altogether - and that was before the technique behind the hack was widely known. "It's unambiguous," Bernard said. "Who knows what other adversaries have done since to place other backdoors." He declined to identify the affected organisations, saying that the relevant national authorities had been notified. The Shadowserver Foundation confirmed the 100 figure and said that most of those affected were in the United States and Germany and that the victims included government organisations. Another researcher said that, so far, the spying appeared to be the work of a single hacker or set of hackers. "It's possible that this will quickly change," said Rafe Pilling, director of Threat Intelligence at Sophos, a British cybersecurity firm. Microsoft said it had "provided security updates and encourages customers to install them," a company spokesperson said in an emailed statement. It was not clear who was behind the ongoing hack. 
The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners but offered no other details. The UK National Cyber Security Centre said in a statement that it was aware of "a limited number" of targets in the United Kingdom. A researcher tracking the campaign said that the campaign appeared initially aimed at a narrow set of government-related organisations. The pool of potential targets remains vast. According to data from Shodan, a search engine that helps to identify internet-linked equipment, more than 8000 servers online could theoretically have already been compromised by hackers. Those servers include major industrial firms, banks, auditors, healthcare companies and several US state-level and international government entities. "The SharePoint incident appears to have created a broad level of compromise across a range of servers globally," Daniel Card of UK cybersecurity consultancy PwnDefend said. "Taking an assumed breach approach is wise, and it's also important to understand that just applying the patch isn't all that is required here."


Perth Now
3 days ago
- Business
- Perth Now
Microsoft server hack hit 100 organisations: analysts
A sweeping cyber espionage operation targeting Microsoft server software has compromised about 100 different organisations, two of the groups that helped uncover the campaign say. Microsoft on Saturday issued an alert about "active attacks" on self-hosted SharePoint servers, which are widely used by organisations to share documents and collaborate within organisations. SharePoint instances run off of Microsoft servers were unaffected. Dubbed a "zero-day" because it leverages a previously undisclosed digital weakness, the hacks allow spies to penetrate vulnerable servers and potentially drop a backdoor to secure continuous access to victim organisations.
Australian Signals Directorate (@ASDGovAu), July 20, 2025: "❗ ALERT ❗ ASD's ACSC is aware of a vulnerability affecting instances of Microsoft Office SharePoint Server products. Organisations should take immediate action"
Vaisha Bernard, the chief hacker at Eye Security, a Netherlands-based cybersecurity firm, which discovered the hacking campaign targeting one of its clients on Friday, said that an internet scan carried out with the Shadowserver Foundation had uncovered nearly 100 victims altogether - and that was before the technique behind the hack was widely known. "It's unambiguous," Bernard said. "Who knows what other adversaries have done since to place other backdoors." He declined to identify the affected organisations, saying that the relevant national authorities had been notified. The Shadowserver Foundation confirmed the 100 figure and said that most of those affected were in the United States and Germany and that the victims included government organisations. Another researcher said that, so far, the spying appeared to be the work of a single hacker or set of hackers. "It's possible that this will quickly change," said Rafe Pilling, director of Threat Intelligence at Sophos, a British cybersecurity firm.
Microsoft said it had "provided security updates and encourages customers to install them," a company spokesperson said in an emailed statement. It was not clear who was behind the ongoing hack. The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners but offered no other details. The UK National Cyber Security Centre said in a statement that it was aware of "a limited number" of targets in the United Kingdom. A researcher tracking the campaign said that the campaign appeared initially aimed at a narrow set of government-related organisations. The pool of potential targets remains vast. According to data from Shodan, a search engine that helps to identify internet-linked equipment, more than 8000 servers online could theoretically have already been compromised by hackers. Those servers include major industrial firms, banks, auditors, healthcare companies and several US state-level and international government entities. "The SharePoint incident appears to have created a broad level of compromise across a range of servers globally," Daniel Card of UK cybersecurity consultancy PwnDefend said. "Taking an assumed breach approach is wise, and it's also important to understand that just applying the patch isn't all that is required here."


New York Post
3 days ago
- Business
- New York Post
Microsoft SharePoint server hack likely caused by single actor — and thousands of firms now vulnerable: researchers
A sweeping cyberespionage operation targeting Microsoft server software compromised about 100 different organizations as of the weekend, one of the researchers who helped uncover the campaign said Monday. Microsoft on Saturday issued an alert about 'active attacks' on self-managed SharePoint servers, which are widely used by government agencies and businesses to share documents within organisations. Dubbed a 'zero day' because it leverages a previously undisclosed digital weakness, the hacks allow spies to penetrate vulnerable servers and potentially drop a back door to secure continuous access to victim organizations. Vaisha Bernard, the chief hacker at Eye Security, a Netherlands-based cybersecurity firm which discovered the hacking campaign targeting one of its clients on Friday, said that an internet scan carried out with the ShadowServer Foundation had uncovered nearly 100 victims altogether – and that was before the technique behind the hack was widely known. 'It's unambiguous,' Bernard said. 'Who knows what other adversaries have done since to place other back doors.' He declined to identify the affected organizations, saying that the relevant national authorities had been notified. The ShadowServer Foundation didn't immediately return a message seeking comment. Another researcher said that, so far, the spying appeared to be the work of a single hacker or set of hackers. 'It's possible that this will quickly change,' said Rafe Pilling, Director of Threat Intelligence at Sophos, a British cybersecurity firm. Microsoft said it had 'provided security updates and encourages customers to install them,' a company spokesperson said in an emailed statement. It was not clear who was behind the ongoing hack.
The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners, but offered no other details. Britain's National Cyber Security Center said in a statement that it was aware of 'a limited number' of targets in the United Kingdom. According to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers. Those servers include major industrial firms, banks, auditors, healthcare companies, and several U.S. state-level and international government entities. 'The SharePoint incident appears to have created a broad level of compromise across a range of servers globally,' said Daniel Card of British cybersecurity consultancy, PwnDefend. 'Taking an assumed breach approach is wise, and it's also important to understand that just applying the patch isn't all that is required here.'