Microsoft Server Exploit Traced to Single Actor, Risks Widen

Security experts believe the worldwide cyberattack on Microsoft SharePoint servers originated from a single threat actor which threatens thousands of organizations.

Microsoft released an alert during the weekend to warn users about ongoing attacks targeting its SharePoint software platform while its cloud-based Microsoft 365 SharePoint platform remains secure. The newly identified ”zero-day” vulnerability remained unknown to researchers until its discovery.

Sophos director of threat intelligence Rafe Pilling believes the uniform tactics and digital payloads across infected systems point to a single entity conducting this coordinated attack. The situation could evolve when attackers start replicating the breach.

Shodan’s internet-connected device tracker indicates that more than 8,000 vulnerable servers have been exposed. The affected organizations include industrial firms and banks together with auditors and healthcare providers and multiple U.S. and foreign government agencies.

Microsoft has released security patches for its customers to update their systems right away according to the company. The FBI conducts an investigation but has not established the attackers’ identity.

The Washington Post revealed that both U.S. and international institutions suffered attacks during recent days which increased concerns about the extent of the breach. The vulnerability poses a risk of triggering multiple attacks because experts believe it needs immediate resolution.