Cybersecurity researchers confirmed that there is an attack on Microsoft servers, affecting about 100 organizations. They attacked using a vulnerability that was not known before. Microsoft is also carrying out research and mitigation steps and encouraging seriously affected customers to install critical updates as soon as possible to ensure the safety of their systems with regards to this Microsoft server intrusion.

Highlights:

• Approximately 100 organizations were compromised in the Microsoft server breach.
• Attackers exploited a sophisticated, previously unknown vulnerability.
• The China-linked hacking group Storm-0558 is suspected.
• Microsoft is deploying patches and guidance to affected customers.
• Investigations continue to determine the full scope of data accessed.

The hack featured the weakness of using a zero-day vulnerability in certain Microsoft server setups. The intrusion was detected by researchers who noticed some suspicious activity in various client networks. This case of a Microsoft server being hacked is an eye-opener to the dangers of escalated persistent threat groups attacking sensitive information using vulnerabilities on foundational platforms.

The organizations that are affected are the government agencies and private sector firms in various regions. It is not yet clear what types of information have been read, but huge amounts of emails and documents could have been stolen. The server attack by Microsoft also shows a cascade risk when security of core infrastructure providers is attacked.

Microsoft traced the breach of the Microsoft servers with a great degree of confidence to Storm-0558. The organization published critical patches and protection measures. Response timelines are subject to analysis and it is necessary that vendors reporting about critical vulnerabilities should be transparent so that in future such situations of breach of Microsoft server can be avoided.