Cyber Attacks Threaten Microsoft SharePoint Servers
Recent cyber operations aimed at Microsoft server software have put around 100 organizations at significant risk as of the weekend. Microsoft issued a warning on Saturday regarding “active attacks” on self-managed SharePoint servers, which are commonly used by government and business entities for internal document sharing.
The attackers are exploiting previously unknown vulnerabilities, often referred to as “zero-days,” which allow them to infiltrate vulnerable servers and possibly install backdoors for ongoing access to the networks of affected organizations.
Vaisha Bernard, Chief Hacker at Eye Security, a Netherlands-based cybersecurity firm, noted that a hacking campaign targeting one of their clients was discovered on Friday. An internet scan by the Shadowserver Foundation revealed nearly 100 victims before the methodologies behind the attacks became publicly known.
“That’s not entirely clear,” Bernard commented. “I mean, it’s uncertain what other hostile entities might have done to establish additional backdoors.” He chose not to disclose which organization was affected but mentioned that national authorities had been informed. Meanwhile, Shadowserver Foundation has not provided a comment.
One researcher speculated that the attacks are currently being conducted by either a single hacker or a small group. “This could all change very quickly,” remarked Rafe Pilling, director of threat intelligence at Sophos, a UK-based cybersecurity firm.
Microsoft reassured users, stating through a spokesperson that the company offers security updates and strongly encourages customers to install them.
The identity of the attackers remained unclear. The FBI stated on Sunday that it is aware of the situation and is collaborating with both federal and private sector partners, though further details were not disclosed. The UK’s National Cyber Security Centre identified a “limited number” of targeted entities within the UK.
Data from Shodan, a search engine that identifies internet-connected devices, indicated that over 8,000 servers online could already be at risk of compromise by hackers. That number spans major sectors, including industrial companies, banks, healthcare organizations, and various government agencies at both state and international levels.
Daniel Card, a cybersecurity consultant at Pwndefend in the UK, remarked on the incident’s broad impact: “The SharePoint vulnerability seems to have caused extensive compromises across multiple servers globally.” He emphasized the need for a comprehensive response, stating, “It’s essential to take a thorough approach to addressing the violation, as simply applying patches won’t suffice.”
