A major cyber espionage campaign has compromised around 100 organizations, exploiting a vulnerability in Microsoft server software. The attack, first discovered on Friday, targeted self-hosted SharePoint servers, a widely used platform for document sharing and collaboration within organizations.
Microsoft issued a security alert on Saturday, warning of “active attacks” on these self-hosted SharePoint servers. The good news is that SharePoint instances running on Microsoft’s servers were not affected. However, the hack, described as a “zero-day,” took advantage of a previously unknown flaw, allowing hackers to infiltrate vulnerable servers. Once inside, they could plant a backdoor to maintain access to the compromised organizations.
The cybersecurity firm Eye Security, based in the Netherlands, helped uncover the campaign when it discovered the hack on one of its clients. Vaisha Bernard, Eye Security’s chief hacker, confirmed the discovery, stating that a scan of the internet conducted with the Shadowserver Foundation had identified nearly 100 victims. This was before the hack’s technique became widely known.
Bernard emphasized the severity of the situation, noting, “It’s unambiguous. Who knows what other adversaries have done since to place other backdoors?” He also refrained from naming the affected organizations but assured that relevant authorities had been notified.
The Shadowserver Foundation confirmed the figures, adding that most of the compromised entities were in the United States and Germany, with some government organizations among the victims. Rafe Pilling, director of Threat Intelligence at Sophos, a British cybersecurity firm, said that although the attacks appeared to be the work of a single hacker or a small group, the situation could change rapidly.
Microsoft has responded by issuing security updates and urging customers to install them immediately. A spokesperson for the company said they were actively working to address the situation. The FBI has acknowledged the attacks and is collaborating with both federal and private-sector partners to investigate further. The National Cyber Security Centre in the UK also confirmed awareness of the incidents, although it reported only a “limited number” of targets.
While the full scope of the attack remains unclear, data from Shodan, a search engine for internet-linked devices, suggests that over 8,000 servers could have been compromised, potentially affecting major industrial firms, banks, healthcare companies, and government entities across the globe.
As the attack continues to unfold, cybersecurity experts stress the importance of adopting a “breach approach” and emphasize that merely applying patches will not be enough to safeguard against future threats. Daniel Card, a consultant at PwnDefend, warned that the impact of the SharePoint breach could have widespread ramifications across multiple sectors globally.
The Microsoft incident highlights the growing sophistication of cyberattacks and the need for organizations to stay vigilant against evolving threats.