Microsoft Servers Hacked: 100+ Orgs Hit

A significant cyber-espionage campaign has recently come to light, targeting Microsoft server infrastructure and compromising approximately 100 organizations over the course of a weekend.

The incident centers around a critical vulnerability in self-hosted SharePoint servMicrosofters, which are commonly used by businesses and institutions for document sharing and internal collaboration.

Microsoft’s cloud-based SharePoint offerings were not impacted.

On Saturday, Microsoft issued a security advisory warning of “active attacks” exploiting the flaw.

The vulnerability, described as a “zero-day” because it involved a previously unknown security gap, allowed attackers to infiltrate susceptible systems.

Once inside, hackers could install backdoors, ensuring continued access to the affected networks.

The breach was first discovered by Eye Security, a cybersecurity company based in the Netherlands.

According to Vaisha Bernard, the firm’s lead hacker, the attack was initially identified when one of Eye Security’s clients fell victim on Friday.

Working with the Shadowserver Foundation, a nonprofit focused on cybersecurity intelligence, Eye Security conducted an extensive scan of the internet and identified close to 100 compromised systems—this, even before the exploit technique became widely known in the cybersecurity community.

“It’s unmistakable,” Bernard noted.

“There’s no telling how many additional backdoors other threat actors may have deployed since.”

Although he declined to disclose the identities of the affected organizations, Bernard confirmed that the appropriate national security agencies had been alerted.

The Shadowserver Foundation corroborated the number of victims and revealed that most were located in the United States and Germany.

Among the targets were various government agencies, suggesting that the breach could have far-reaching implications for national security and critical infrastructure.

Cybersecurity experts have suggested that, at least for now, the campaign appears to be the work of a single hacking group or coordinated team.

However, the situation remains fluid.

Rafe Pilling, Director of Threat Intelligence at British cybersecurity firm Sophos, remarked, “There’s a real possibility that other malicious actors could leverage the same exploit in the near future.”

Microsoft has responded by releasing security updates to address the vulnerability and is urging users to apply the patches without delay.

In a brief statement, the company emphasized its commitment to safeguarding its users and noted that customers should implement the updates as a matter of urgency.

So far, the identity of the perpetrators remains unclear.

The FBI acknowledged on Sunday that it is monitoring the situation and working closely with both federal and private partners but did not provide further details.

Meanwhile, the United Kingdom’s National Cyber Security Centre (NCSC) confirmed a “limited number” of affected organizations within the country.

One researcher tracking the incident stated that the attack initially appeared to focus on a select group of government-related institutions.

The potential scale of the attack is troubling.

Data from Shodan, an online search engine that indexes internet-connected devices, shows that over 8,000 SharePoint servers worldwide could be exposed and vulnerable to this type of exploit.

These systems span a wide range of sectors, including large industrial corporations, financial institutions, healthcare providers, auditing firms, and both U.S. state and international government bodies.

Daniel Card, of UK-based cybersecurity consultancy PwnDefend, stressed the gravity of the situation.

“This SharePoint vulnerability seems to have enabled widespread infiltration across servers globally.

“Organizations should assume they’ve been compromised and respond accordingly.

“Applying the patch is just one step; a full investigation and review are also critical.”

Despite the seriousness of the security breach, Microsoft’s stock performance remained relatively unaffected as of Monday afternoon.

Shares were up a modest 0.06 percent by 3 p.m. in New York (19:00 GMT) and had gained over 1.5 percent over the previous five trading days.

This breach serves as a stark reminder of the persistent threats posed by sophisticated cyberattacks.

Organizations relying on vulnerable server configurations must act swiftly, not just to patch the immediate flaw, but to assess the extent of possible damage and secure their systems against future incursions.

For Diaspora Digital Media Updates click on Whatsapp, or Telegram. For eyewitness accounts/ reports/ articles, write to: citizenreports@diasporadigitalmedia.com. Follow us on X (Fomerly Twitter) or Facebook