Cyber Attack Targets Microsoft SharePoint, Compromises 100 Organizations
Image Caption: The Microsoft logo on its office building in Beijing, China, May 25, 2023. — Reuters
WASHINGTON/LONDON: A significant cyber attack has disrupted approximately 100 organizations by exploiting vulnerabilities in Microsoft’s SharePoint server software, two organizations involved in uncovering the threat reported on Monday.
The breach was detected over the weekend as part of a far-reaching hacking campaign that has raised global alarms.
On Saturday, Microsoft issued an alert regarding “active attacks” on self-hosted SharePoint servers, commonly used by businesses for internal collaboration and document sharing. Notably, SharePoint instances hosted on Microsoft’s own servers remain unaffected.
This breach is classified as a “zero-day” attack because it exploits a previously undisclosed vulnerability, allowing cybercriminals to infiltrate vulnerable servers and potentially install backdoors for ongoing access to the targeted organizations.
Vaisha Bernard, the chief cybersecurity expert at Eye Security, a Netherlands-based cybersecurity firm, disclosed that an internet scan performed with the Shadowserver Foundation identified nearly 100 victims, even before the specifics of the hacking method became widely known.
“It’s clear-cut,” Bernard stated. “We can only speculate on what other threats have been introduced since these backdoors were placed.”
He opted not to disclose the identities of the affected organizations, noting that the relevant national authorities have already been informed.
The Shadowserver Foundation corroborated the number of affected organizations, indicating that many are located in the United States and Germany, including certain government entities.
Another cybersecurity researcher suggested that the espionage appears to be orchestrated by either a single hacker or a cohesive group.
“This situation could easily evolve,” warned Rafe Pilling, Director of Threat Intelligence at Sophos, a UK-based cybersecurity firm.
Microsoft affirmed that it has “provided security updates and urges customers to implement them,” according to a spokesperson’s email statement.
While the identity of the hackers remains uncertain, Alphabet’s Google, which monitors significant segments of internet traffic, has linked some of the attacks to a “China-nexus threat actor.”
The Chinese Embassy in Washington did not immediately respond to inquiries, while Beijing consistently denies involvement in hacking.
The FBI acknowledged the attacks on Sunday and said it is collaborating closely with federal and private-sector partners, though it did not release additional details. Britain’s National Cyber Security Centre confirmed it is aware of “a limited number” of targets in the UK, noting that the initial focus appeared to be a specific set of government-related organizations.
The scope of potential targets continues to expand. Data from Shodan, a search engine for identifying internet-connected devices, suggests that over 8,000 servers could be compromised, with Shadowserver estimating the number to be slightly above 9,000 but cautioning that this is likely a conservative figure.
These servers span various industries, including major corporations, banks, auditors, healthcare organizations, and numerous local and international government agencies.
“The SharePoint incident seems to have resulted in widespread compromise across numerous servers globally,” remarked Daniel Card from British cybersecurity consultancy PwnDefend.
“Adopting an assumed breach strategy is prudent, and it is essential to recognize that merely applying the patch is insufficient.”