UPDATE: A massive cyber espionage campaign has compromised approximately 100 organizations globally, targeting vulnerable Microsoft server software. The alert comes just hours after Microsoft issued a warning about “active attacks” on self-hosted SharePoint servers, crucial tools for document sharing and collaboration.
The Australian Signals Directorate (ASD) confirmed the seriousness of the situation, urging organizations to take immediate action against a vulnerability affecting Microsoft Office SharePoint Server products. The attack, classified as a “zero-day” exploit, takes advantage of a previously undisclosed digital weakness, allowing hackers to infiltrate servers and potentially implant backdoors for ongoing access.
“It’s unambiguous,” said Vaisha Bernard, chief hacker at Eye Security, who first detected the campaign targeting a client on Friday. “Who knows what other adversaries have done since to place other backdoors.”
The investigation into the breach revealed that most victims are located in the United States and Germany, including government agencies. As of this morning, the Shadowserver Foundation confirmed the total of 100 compromised entities, emphasizing the potential for even broader impacts.
Cybersecurity experts are on high alert, as the ongoing investigation indicates that the attacks may be the work of a single hacker or a coordinated group. “It’s possible that this will quickly change,” warned Rafe Pilling, director of Threat Intelligence at Sophos.
Microsoft has responded by providing security updates and is urging all customers to install them immediately. Yet, as the FBI has acknowledged, the identity of the hackers remains unknown, and authorities are collaborating with both federal and private-sector partners to address the incident.
The UK National Cyber Security Centre has also reported awareness of a limited number of targets in the UK, highlighting the global nature of this threat. Experts stress that the pool of potential victims could be vast, with over 8,000 servers identified as vulnerable through data from Shodan, a search engine for internet-linked devices.
Daniel Card from UK consultancy PwnDefend noted, “The SharePoint incident appears to have created a broad level of compromise across a range of servers globally.” He emphasized the importance of assuming a breach and highlighted that simply applying patches is insufficient for security.
With the situation still developing, organizations are being urged to stay vigilant and proactive in their cybersecurity measures. As the investigation unfolds, further updates are expected regarding the scale and implications of this sophisticated hacking operation.
Stay tuned for more detailed reports as authorities continue to assess the impact and respond to this urgent cybersecurity threat.
