• 2025-07-22 07:59 AM

WASHINGTON/LONDON: A large-scale cyber espionage campaign targeting Microsoft SharePoint servers has compromised around 100 organizations, according to cybersecurity researchers. The attack exploits a previously unknown vulnerability, allowing hackers to infiltrate systems and potentially install backdoors for persistent access.

Microsoft issued an alert on Saturday warning of “active attacks” on self-hosted SharePoint servers, though cloud-based instances remain unaffected. The flaw, classified as a “zero-day” because it was previously unknown, enables unauthorized access to sensitive data.

Netherlands-based Eye Security and the Shadowserver Foundation identified nearly 100 victims before the hacking method became widely known. “It’s unambiguous,” said Vaisha Bernard, chief hacker at Eye Security. “Who knows what other adversaries have done since to place other backdoors.”

Most affected organizations are in the US and Germany, with government agencies among the victims. Shadowserver estimates over 9,000 servers could be vulnerable, including industrial firms, banks, and healthcare providers.

Google linked some attacks to a “China-nexus threat actor,” though Beijing denies involvement. The FBI and UK’s National Cyber Security Center are investigating, urging affected entities to apply security patches immediately.

Daniel Card of PwnDefend warned, “Just applying the patch isn’t all that is required here,” emphasizing the need for thorough security reviews. - Reuters