A SWEEPING cyberespionage operation targeting Microsoft server software compromised about 100 different organisations as of the weekend, one of the researchers who helped uncover the campaign said yesterday.
Microsoft on Saturday issued an alert about “active attacks” on self-managed SharePoint servers, which are widely used by government agencies and businesses to share documents within organisations. Dubbed a “zero day” because it leverages a previously undisclosed digital weaknesses, the hacks allow spies to penetrate vulnerable servers and potentially drop a back door to secure continuous access to victim organizations.
Vaisha Bernard, the chief hacker at Eye Security, a Netherlands-based cybersecurity firm which discovered the hacking campaign targeting one of its clients on Friday, said that an internet scan carried out with the ShadowServer Foundation had uncovered nearly 100 victims altogether – and that was before the technique behind the hack was widely known.
“It’s unambiguous,” Bernard said. “Who knows what other adversaries have done since to place other back doors.”
He declined to identify the affected organisations, saying that the relevant national authorities had been notified. The ShadowServer Foundation didn’t immediately return a message seeking comment.
Another researcher said that, so far, the spying appeared to be the work of a single hacker or set of hackers.
&uuid=(email))