Microsoft server hack likely single actor, thousands of firms now vulnerable, researchers say

A recent global cyberattack targeting Microsoft server software, which is widely used by countless government agencies and businesses for document sharing, is believed to be orchestrated by a single individual or group, according to cybersecurity experts. On Saturday, Microsoft issued a warning regarding ongoing attacks on SharePoint servers utilized by various organizations. Fortunately, the cloud-based SharePoint Online within Microsoft 365 remains unaffected by this vulnerability, identified as a 'zero day' exploit due to its prior unawareness among cybersecurity specialists. Rafe Pilling, the Director of Threat Intelligence at Sophos, a renowned British cybersecurity firm, noted the consistency in tactics observed across the attacks, suggesting they stem from a solitary source. "The campaign launched on Friday seems to indicate a single actor, although that could change rapidly," Pilling stated, highlighting the uniformity of the digital payloads dispatched to multiple targets. In response to the situation, Microsoft has issued security updates and is urging its customers to implement these patches as soon as possible. The identity of the perpetrators behind the ongoing breach remains uncertain. The FBI has acknowledged the attacks, confirming their collaboration with both federal and private sector partners, though no further specifics have been disclosed. Meanwhile, the UK's National Cyber Security Centre has yet to provide a comment on the matter. Reports indicate that unidentified hackers have exploited this vulnerability to target both U.S. and international entities in recent days. Data from Shodan, a search engine that detects internet-connected devices, reveals that over 8,000 servers may have already been compromised, affecting major industrial corporations, banks, healthcare organizations, and various government institutions at both state and international levels. Daniel Card, a consultant from the cybersecurity firm PwnDefend, emphasized the widespread nature of the compromise, stating, "The SharePoint incident seems to have resulted in a significant breach across numerous global servers. It is prudent to operate under the assumption that a breach has occurred, and simply applying the patch is not sufficient to resolve the issue."