Khaberni - A cybersecurity researcher said on Monday that a global attack on Microsoft's server software, which is used by thousands of government agencies and companies to share documents within organizations, is likely orchestrated by a single actor.
On Saturday, "Microsoft" issued an alert about "active attacks" on "SharePoint" servers used internally within organizations, noting that "SharePoint Online" in "Microsoft 365", which is hosted in the cloud, was not affected. The attack is known as a "zero-day" attack because it targeted a vulnerability previously unknown to cybersecurity researchers.
Ralph Billing, Director of Threat Intelligence at British cybersecurity firm "Sophos," said: "Based on the consistency of the attack methods observed in the monitored attacks, it appears that the campaign launched on Friday is (backed by) a single actor. However, this is likely to change quickly," according to "Reuters".
Billing added that the attack methods included sending the same digital payload to multiple targets.
A "Microsoft" spokesperson, in a statement sent via email, said that the company "has provided security updates and encourages customers to install them".
It remains unclear who is behind the breach, which is still ongoing. The U.S. Federal Bureau of Investigation said on Sunday that it is aware of the attacks and is cooperating closely with its federal and private sector partners, but did not provide any further details.
The Washington Post reported that unidentified entities exploited a security flaw in recent days to launch an attack targeting U.S. and international agencies and companies.
According to data from "Shodan," a search engine for internet-connected equipment, more than 8,000 servers connected to the internet could theoretically have already been breached by hackers.
These servers belong to large industrial companies, banks, auditing firms, healthcare companies, and several U.S. state-level government bodies, as well as entities belonging to other countries' governments.
Daniel Card, from the British cybersecurity consultancy "PwnDefend," said: "It seems that the SharePoint incident has created a wide level of penetration across a range of servers around the world."
He added: "Adopting an assumption of breach is (a) wise approach, and it is also important to realize that just applying the patch is not all that is needed here."




