Hackers exploit Microsoft flaw to target 100 organisations: report

A newly discovered vulnerability in Microsoft's SharePoint software has been exploited to breach approximately 100 organisations in an ongoing cyber-espionage campaign, according to security researchers cited in a recent Reuters report.

The attack, which targets self-hosted SharePoint servers used for internal document sharing, allows hackers to gain access and potentially install hidden backdoors for continued spying, states the report. Cloud-based SharePoint services remain unaffected.  

Dutch cybersecurity firm Eye Security first detected the attacks on Friday when investigating a client's breach, says Reuters. Working with the non-profit Shadowserver Foundation, they identified approximately 100 victims across multiple countries, primarily in the US and Germany, including government agencies.

In response, Microsoft has released security updates to patch the previously unknown 'zero-day' vulnerability and urges customers to install them immediately. Cybersecurity experts warn that the attacks appear concentrated but may spread as knowledge of the hacking technique becomes more widespread.  

According to Reuters, authorities have been notified about the breaches, though the identity and motives of the hackers remain unclear. Security professionals advise organisations using self-hosted SharePoint to apply Microsoft's updates without delay.