A widespread cyber espionage operation targeting Microsoft SharePoint server software has compromised approximately 100 organizations over the past weekend. The attack, which exploits a previously unknown vulnerability in self-hosted SharePoint servers, was uncovered and publicly reported by two cybersecurity firms on Monday.
SharePoint instances running on Microsoft’s own servers were not affected. Dubbed a “zero-day” exploit, the vulnerability allows attackers to penetrate affected servers and potentially install backdoors, enabling persistent access to compromised organizations. Vaisha Bernard, chief hacker at Netherlands-based Eye Security, said their firm detected the hacking campaign targeting one of its clients on Friday. An internet scan conducted in collaboration with the Shadowserver Foundation revealed nearly 100 victims thus far, with the potential for more as knowledge of the exploit spreads.
Read Also: TikTok Returns to US App Store After Trump Postpones Ban
“It’s unambiguous,” Bernard stated. “Who knows what other adversaries have done since to place other backdoors.” Bernard declined to identify the affected organizations, citing notification of relevant national authorities. The Shadowserver Foundation confirmed the 100-victim figure, noting that the majority of those affected are located in the United States and Germany and that government entities are among the targets. Another security researcher suggests the activity appeared to be the work of one group of hackers, at least initially. “It’s possible that this will quickly change,” said Rafe Pilling, director of threat intelligence at British cybersecurity firm Sophos.
A Microsoft spokesperson stated via email that the company has “provided security updates and encourages customers to install them.” The identity of the actors behind the ongoing attacks remains unclear.
The FBI acknowledged awareness of the attacks on Sunday and indicated close collaboration with federal and private-sector partners but offered no further details. The UK’s National Cyber Security Centre issued a statement saying it was aware of “a limited number” of targets in the United Kingdom.
One security researcher indicated the campaign initially appeared to focus on a small group of government-affiliated organizations.
Potential Target Pool Remains Large
The pool of potential victims remains extensive. Data from Shodan, an engine used to discover internet-connected devices, suggests over 8,000 servers online could theoretically have been compromised.
These servers include those belonging to major industrial firms, banks, auditors, healthcare companies, and various U.S. state-level and international government entities. “The SharePoint incident appears to have created a broad level of compromise across a range of servers globally,” said Daniel Card of British cybersecurity consultancy, PwnDefend. “Taking an assumed breach approach is wise, and it’s also important to understand that just applying the patch isn’t all that is required here.”
On Wall Street, Microsoft’s stock performance remains relatively stable as of 3pm in New York (19:00 GMT), rising by only 0.06 percent. The stock has increased by over 1.5 percent over the past five trading days.
Source: Al Jazeera
SEC Sues Elon Musk Over Alleged Undisclosed X Share Purchases
