A wide-ranging cyber attack on Microsoft, with hackers impersonating users
Breaches target federal agencies, universities, and Asian energy and telecommunications companies.
A sign outside the headquarters of "Microsoft" in Redmond, Washington, USA - Source: Bloomberg
Source: Bloomberg
Unknown hackers exploited a security vulnerability to access Microsoft's server software, as analysts warned of breaches in large-scale cyber attacks worldwide.
The software company based in Redmond, Washington, stated that it has released a new security update for customers to apply to their SharePoint servers "to counter active attacks targeting on-premises servers," adding that it is working on releasing additional updates.
The U.S. Cybersecurity and Infrastructure Security Agency said that the security vulnerability allowed hackers to access internal file systems and settings, in addition to executing code.
Cyber attack on "Microsoft"
Cybersecurity companies warned that a wide range of organizations around the world could be affected by this breach. Silas Cutler, a researcher at Censys, a cybersecurity firm based in Michigan, estimated that over 10,000 companies using SharePoint servers are at risk. He also noted that the United States has the largest number of those companies, followed by the Netherlands, the United Kingdom, and Canada.
He added: "It's a dream for ransomware operators, and many hackers will also be working over the weekend."
Palo Alto Networks warned that "these vulnerabilities are indeed being exploited and are real, posing a serious threat." Meanwhile, Google's Threat Intelligence Group stated in an email that it has detected hackers exploiting this vulnerability, adding that it allows for "persistent and impersonated access, representing a significant risk to affected organizations."
Jean Yu, CEO of Blackpanda, a cybersecurity incident response firm based in Singapore, said: "When hackers can breach the fortress that is SharePoint, everyone is at their mercy because this system has the highest security protocols."
Victims of the "Microsoft" attack
The Washington Post reported, citing government officials and independent researchers, that the attack targeted federal and local agencies in the United States, as well as universities and energy companies, in addition to an Asian telecommunications company.
Cutler said that researchers at Eye Security were the first to identify the security vulnerability. The researchers reported a breach last Friday that resembled one demonstrated earlier in the week by German researchers at Code White, who replicated vulnerabilities previously showcased by participants in the "Pwn2Own" hacking competition.
Eye Security said that the vulnerability allows hackers to access SharePoint servers and steal keys that enable them to impersonate users or services, even after the security update is installed. It also said that hackers can maintain access through backdoors or modified components that can persist after updates or system reboots.
A Microsoft spokesperson declined to provide any further comment beyond the company's statement.
Cyber attacks from China
Microsoft has recently faced a series of cyber attacks, warning in March that hackers from China were targeting remote management tools and cloud computing applications in order to spy on several companies and organizations inside and outside the United States.
The "Cyber Safety Review Board," a group established by the White House to review major cyber attacks, stated last year that "Microsoft's" security culture was "inadequate," following a breach in 2023 of Exchange Online mailboxes, which enabled hackers to breach 22 organizations and hundreds of individuals, including former U.S. Commerce Secretary Gina Raimondo.