Microsoft server hack hit 100 organisations: analysts
A comprehensive cyber espionage operation targeting Microsoft Server software endangered about 100 different organizations from two groups that helped the campaign to emerge.
On Saturday, Microsoft issued a warning on the “Active attacks” on Sharepoint servers, which are widely used by organizations to share documents and cooperate in organizations.
Sharepoint samples from Microsoft servers were not affected.
Since it benefits from a digital weakness that has not been described before, the so -called “zero -day” hacler allows spies to penetrate the vulnerable servers and leave a potentially back door to provide continuous access to victim organizations.
❗ Warning ❗ ASD’s ACSC is aware of a vulnerability that affects examples of Microsoft Office Sharepoint Server products. Organizations should take action immediately 👉 https://t.co/hb1atihawp pic.twitter.com/qqqqqqqqqqqqqqqqb7— Australian Signals Directorate (@asdgovau) 20 July 2025
Eye Security, a Dutch Cyber Security company, which discovered the hack campaign aimed at one of its customers on Friday, said that an internet screening with the Shadowserver Foundation has completely revealed about 100 victims with the Shadowserver Foundation, and that the technique behind the hackers was widely known.
“Obviously, Bernard said Bernard.
“Who knows what other competitors are doing to place other rear brushes?”
He refused to define the affected organizations by saying that the relevant national authorities were notified.
The Shadowserver Foundation confirmed the 100th figure and said that most of the affected were in the United States and Germany and that the victims contain government organizations.
Another researcher said that so far, the espionage seems to be the job of a single cluster of a single hacker or hacker.
“This is possible to change rapidly,” said Raber Porting, a British Cyber Security Company Sophos Threat Intelligence Director.
In a statement made by a company spokesman E -Post, Microsoft said that “provides security updates and encourages customers to install.”
It was not clear who was behind the ongoing hack.
FBI said on Sunday that he was aware of the attacks and that he works closely with federal and private sector partners, but did not offer any other details.
British National Cyber Security Center said in a statement that he was aware of the “limited number” target in the UK.
A researcher who watched the campaign said that the campaign initially appeared for a narrow state -related organizations.
Potential targets remain wide.
According to the data of Shodan, a search engine that helps to identify internet -connected equipment, more than 8000 online servers may theoretically endanger by computer pirates.
These servers include large industrial companies, banks, auditors, health companies and US state level and international government organizations.
“Sharepoint seems to have created a wide compromise on various servers globally,” Daniel Card of the UK Cyber Security Consultancy Pwndefend. He said.
“It is also important to get a default violation approach and it is also important to understand that it is not necessary only to apply the patch here.”
