Chinese Hackers Exploit Microsoft Flaws, US Nuclear Agency Hit


Representatives of the US Department of Education and Rhode Island legislature meanwhile didn’t respond to calls and emails seeking comment. The Florida Department of Revenue said the SharePoint weaknesses were being investigated “at multiple levels of government” but declined further comment. 


The hackers have also breached the systems of a US-based health-care provider and targeted a public university in Southeast Asia, according to a report from a cybersecurity firm reviewed by Bloomberg News. The report doesn’t identify either entity by name, but says the hackers have attempted to breach SharePoint servers in countries including Brazil, Canada, Indonesia, Spain, South Africa, Switzerland, the UK and the US. The firm asked not to be named because of the sensitivity of the information.


Hackers have stolen sign-in credentials, including usernames, passwords, hash codes and tokens, from some systems, according to a person familiar with the matter, who asked not to be identified discussing sensitive information.


“This is a high-severity, high-urgency threat,” said Michael Sikorski, chief technology officer and head of threat intelligence for Unit 42 at Palo Alto Networks Inc.


“What makes this especially concerning is SharePoint’s deep integration with Microsoft’s platform, including their services like Office, Teams, OneDrive and Outlook, which has all the information valuable to an attacker,” he said.


The cyber firm Eye Security said the flaws allow hackers to access SharePoint servers and steal keys that can let them impersonate users or services even after the server is patched. It said hackers can maintain access through backdoors or modified components that can survive updates and reboots of systems.


The breaches have drawn new scrutiny to Microsoft’s efforts to shore up its security after a series of high-profile failures. The firm has hired executives from places like the US government and holds weekly meetings with senior executives to make its software more resilient. The company’s tech has been subject to several widespread and damaging hacks in recent years, and a 2024 US government report described the company’s security culture as in need of urgent reforms.


Eye Security has detected compromises on more than 100 servers representing 60 victims, including organizations in the energy sector, consulting firms and universities. Victims were also located in Saudi Arabia, Vietnam, Oman and the United Arab Emirates, according to the company.


In early July, Microsoft issued patches to fix the security holes, but hackers found another way in.


“There were ways around the patches” that enabled hackers to break into SharePoint servers by tapping into similar vulnerabilities, said Vaisha Bernard, Eye Security’s chief hacker and co-owner. “That allowed these attacks to happen.” The intrusions, he said, were not targeted and instead were aimed at compromising as many victims as possible.


He declined to identify the organizations that had been targeted, but said they included government agencies and private companies, including “bigger multinationals.” The victims were located in countries in North and South America, the European Union, South Africa and Australia, he said.
