As of the weekend, a broad cyber espionage campaign targeting Microsoft server software had penetrated over 100 firms, according to two organizations that assisted in exposing the assault on Monday.
Microsoft warned on Saturday of “active attacks” on self-hosted SharePoint servers, which are frequently used by businesses for internal collaboration and document sharing. SharePoint instances run on Microsoft's own servers remained unaffected.
The hacks are known as “zero-day” attacks because they make use of a previously undiscovered digital vulnerability that enables spies to infiltrate systems and possibly open a backdoor to gain ongoing access to victim businesses.
Vaisha Bernard, the chief hacker at Eye Security, a cybersecurity company based in the Netherlands that learned about the hacking campaign targeting one of its clients on Friday, said that an internet scan conducted with the Shadowserver Foundation had found almost 100 victims in total, and that was before the hacking technique was well known.
“It’s unambiguous,” said Bernard. “Who knows what other adversaries have done since to place other backdoors.”
He stated that the appropriate national authorities had been informed, but he would not name the impacted organizations.
The Shadowserver Foundation confirmed the figure of 100 and stated that government agencies were among the victims, with the majority of those impacted being in Germany and the United States.
There is still a large number of possible targets. Data from Shodan, a search engine that assists in identifying equipment connected to the internet, suggests that hackers may have already compromised more than 8,000 servers online.
Those servers include ones belonging to several U.S. state-level and foreign government agencies, banks, auditors, healthcare organizations, and large industrial corporations.
According to Daniel Card of the British cybersecurity firm PwnDefend, “the SharePoint incident appears to have created a broad level of compromise across a range of servers globally.”
“Taking an assumed breach approach is wise, and it’s also important to understand that just applying the patch isn’t all that is required here.”