Skip to main content

Microsoft Server Hack

Microsoft server hack likely single actor, thousands of firms now vulnerable, researchers say





Unclear who is behind attacks


LONDON, July 21 (Reuters) - A global attack on Microsoft server software used by thousands of government agencies and businesses to share documents within organisations is likely the work of a single actor, a cybersecurity researcher said on Monday. Microsoft on Saturday issued an alert about "active attacks" on SharePoint servers used within organisations. It said that SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the exploit, also known as a "zero day" because it was previously unknown to cybersecurity researchers.

"Based on the consistency of the tradecraft seen across observed attacks, the campaign launched on Friday appears to be a single actor. However, it's possible that this will quickly change," Rafe Pilling, Director of Threat Intelligence at Sophos, a British cybersecurity firm. That tradecraft included the sending of the same digital payload to multiple targets, Pilling added. Microsoft said it had "provided security updates and encourages customers to install them," a company spokesperson said in an emailed statement.

It was not clear who was behind the ongoing hack. The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners, but offered no other details. Britain's National Cyber Security Centre did not immediately respond to a request for comment. The Washington Post said unidentified actors in the past few days had exploited a flaw to launch an attack that targeted U.S. and international agencies and businesses.

According to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers. Those servers include major industrial firms, banks, auditors, healthcare companies, and several U.S. state-level and international government entities.

"The SharePoint incident appears to have created a broad level of compromise across a range of servers globally," said Daniel Card of British cybersecurity consultancy, PwnDefend. "Taking an assumed breach approach is wise, and it’s also important to understand that just applying the patch isn’t all that is required here." (Reporting by James Pearson, Editing by Nick Zieminski)

Microsoft server breach, cybersecurity, data leak, threat actors, zero-day vulnerability, nation-state attack, Microsoft Exchange hack, email compromise, data exfiltration, cloud infrastructure breach, security patch, malware injection, APT group, vulnerability exploitation, cyber espionage, authentication bypass, system compromise, critical infrastructure, Microsoft threat intelligence, incident response

#MicrosoftHack, #ServerBreach, #CyberSecurity, #DataLeak, #ThreatActors, #ZeroDay, #NationStateAttack, #ExchangeHack, #EmailSecurity, #Malware, #APT, #Exfiltration, #MicrosoftBreach, #CloudSecurity, #PatchNow, #InfoSec, #CyberThreat, #SecurityAlert, #HackingNews, #IncidentResponse

Comments

Post a Comment

Popular posts from this blog

HealthAIoT: Revolutionizing Smart Healthcare! HealthAIoT combines Artificial Intelligence and the Internet of Things to transform healthcare through real-time monitoring, predictive analytics, and personalized treatment. It enables smarter diagnostics, remote patient care, and proactive health management, enhancing efficiency and outcomes while reducing costs. HealthAIoT is the future of connected, intelligent, and patient-centric healthcare systems. What is HealthAIoT? HealthAIoT is the convergence of Artificial Intelligence (AI) and the Internet of Things (IoT) in the healthcare industry. It integrates smart devices, sensors, and wearables with AI-powered software to monitor, diagnose, and manage health conditions in real-time. This fusion is enabling a new era of smart, connected, and intelligent healthcare systems . Key Components IoT Devices in Healthcare Wearables (e.g., smartwatches, fitness trackers) Medical devices (e.g., glucose monitors, heart rate sensors) Rem...
Post a Comment
Read more
Detecting Co-Resident Attacks in 5G Clouds! Detecting co-resident attacks in 5G clouds involves identifying malicious activities where attackers share physical cloud resources with victims to steal data or disrupt services. Techniques like machine learning, behavioral analysis, and resource monitoring help detect unusual patterns, ensuring stronger security and privacy in 5G cloud environments. Detecting Co-Resident Attacks in 5G Clouds In a 5G cloud environment, many different users (including businesses and individuals) share the same physical infrastructure through virtualization technologies like Virtual Machines (VMs) and containers. Co-resident attacks occur when a malicious user manages to place their VM or container on the same physical server as a target. Once co-residency is achieved, attackers can exploit shared resources like CPU caches, memory buses, or network interfaces to gather sensitive information or launch denial-of-service (DoS) attacks. Why are Co-Resident Attack...
Post a Comment
Read more
                        Neural Networks Neural networks are computing systems inspired by the human brain, consisting of layers of interconnected nodes (neurons). They process data by learning patterns from input, enabling tasks like image recognition, language translation, and decision-making. Neural networks power many AI applications by adjusting internal weights through training with large datasets.                                                    Structure of a Neural Network Input Layer : This is where the network receives data. Each neuron in this layer represents a feature in the dataset (e.g., pixels in an image or values in a spreadsheet). Hidden Layers : These layers sit between the input and output layers. They perform calculations and learn patterns. The more hidden layers a ne...
Post a Comment
Read more