Microsoft

Microsoft warns of destructive disk wiper targeting Ukraine

EnlargeGetty Images reader comments 263 with 73 posters participating Share this story Share on Facebook Share on Twitter Share on Reddit Over the past few months, geopolitical tensions have escalated as Russia amassed tens of thousands of troops along Ukraine’s border and made subtle but far-reaching threats if Ukraine and NATO don’t agree to Kremlin…

Published 3 years ago in
Microsoft warns of destructive disk wiper targeting Ukraine
Microsoft warns of destructive disk wiper targeting Ukraine
Enlarge
Getty Images

reader comments

263

Over the past few months, geopolitical tensions have escalated as Russia amassed tens of thousands of troops along Ukraine’s border and made subtle but far-reaching threats if Ukraine and NATO don’t agree to Kremlin demands.

Now, a similar dispute is playing out in cyber arenas, as unknown hackers late last week defaced scores of Ukrainian government websites and left a cryptic warning to Ukrainian citizens who attempted to receive services.

Be afraid and expect the worst

“All data on the computer is being destroyed, it is impossible to recover it,” said a message, written in Ukrainian, Russian, and Polish, that appeared late last week on at least some of the infected systems. “All information about you has become public, be afraid and expect the worst.”

Enlarge

Around the same time, Microsoft wrote in a post over the weekend, “destructive” malware with the ability to permanently destroy computers and all data stored on them began appearing on the networks at dozens of government, nonprofit, and information technology organizations, all based in Ukraine. The malware—which Microsoft is calling Whispergate—masquerades as ransomware and demands $10,000 in bitcoin for data to be restored.

But Whispergate lacks the means to distribute decryption keys and provide technical support to victims, traits that are found in virtually all working ransomware deployed in the wild. It also overwrites the master boot record—a part of the hard drive that starts the operating system during bootup.

Advertisement

“Overwriting the MBR is atypical for cybercriminal ransomware,” members of the Microsoft Threat Intelligence Center wrote in Saturday’s post. “In reality, the ransomware note is a ruse and that the malware destructs MBR and the contents of the files it targets. There are

!–>
Read More

Be the first to write a comment.

Leave a Reply

Your email address will not be published. Required fields are marked *

Microsoft

The Outer Worlds 2 is now $10 cheaper, as Obsidian details how to get a refund on your pre-order

If you click on a link and make a purchase we may receive a small commission. Read our editorial policy. The Outer Worlds 2 is now $10 cheaper, as Obsidian details how to get a refund on your pre-order Cash in hand. Image credit: Obsidian News by Connor Makar Staff Writer Published on July 23

Published 23 hours ago in
The Outer Worlds 2 is now $10 cheaper, as Obsidian details how to get a refund on your pre-order

If you click on a link and make a purchase we may receive a small commission. Read our editorial policy.

The Outer Worlds 2 is now $10 cheaper, as Obsidian details how to get a refund on your pre-order

Cash in hand.

A character in a leafy ghilli suit leaps over a platform towards the camera while being shot at from afar.
Image credit: Obsidian

Connor Makar avatar

News

by Connor Makar
Staff Writer

Published on

18 comments

The Outer Worlds 2, the upcoming sci-fi FPS by Obsidian Entertainment will now be sold at $70 dollars, rather than the planned $80. This follows a statement by Microsoft confirming the U-turn earlier today.

Those who have already purchased the game at the $80 price point on Steam will have the purchase refunded and re-bought at the lower figure. On Battle.net, those who pre-ordered the game will have their orders cancelled and refunded, and will have to re-buy the game. Those on Xbox and PlayStation will have the difference refunded in the upcoming days.

This announcement was made on The Outer Worlds official social media accounts, with a cute in-universe statement and graphic. On the official Obsidian website, further explanation on how the price change will affect those who’ve already spent money has been provided.

Cover image for YouTube videoThe Outer Worlds 2 – Official Gameplay Trailer

Watch the gameplay trailer

Read More

Continue Reading
Microsoft

Microsoft reverses $80 first-party price hike to keep “full priced holiday releases in line with current conditions”

If you click on a link and make a purchase we may receive a small commission. Read our editorial policy. Home News Microsoft reverses $80 first-party price hike to keep “full priced holiday releases in line with current conditions” Starting with The Outer Worlds 2 Image credit: Obsidian Entertainment News by Vikki Blake Contributor Published

Published 2 days ago in
Microsoft reverses $80 first-party price hike to keep “full priced holiday releases in line with current conditions”

If you click on a link and make a purchase we may receive a small commission. Read our editorial policy.

Microsoft reverses $80 first-party price hike to keep “full priced holiday releases in line with current conditions”

Starting with The Outer Worlds 2

Image credit: Obsidian Entertainment

Vikki Blake avatar

News

by Vikki Blake
Contributor

Published on

Just weeks after confirming The Outer Worlds 2 will be the first Microsoft game to retail for $80, Microsoft has reversed the decision, revealing the highly-anticipated sequel will now launch for $69.99 in keeping with typical AAA pricing.

This will apply not just to The Outer Worlds 2, but indeed other “full priced holiday releases” launched across the period.

In a statement, a Microsoft spokesperson said Xbox was “focused on bringing players incredible worlds to explore, and will keep our full priced holiday releases, including The Outer Worlds 2, at $69.99, in line with current market conditions.”

On social media, developer Obsidian posted: “We have received your SOS via skip drone about the pricing. As an organization devoted to making sure that corporations do not go unfettered, we at the Earth Directorate have worked with [REDACTED] to revise the price of The Outer Worlds 2. While this will not bring peace to the galaxy, or even your local colony, we assure you all that we are here to fight for all colonies in every way that we can.”

Microsoft announced last month that The Outer Worlds 2 would be the first Xbox title to retail at $80 following Microsoft’s planned price rises in May.

“We understand that these changes are challenging, and th

Read More

Continue Reading
Microsoft

Coyote malware abuses Windows accessibility framework for data theft

A new variant of the banking trojan ‘Coyote’ has begun abusing a Windows accessibility feature, Microsoft’s UI Automation framework, to identify which banking and cryptocurrency exchange sites are accessed on the device for potential credential theft. …

Published 4 days ago in
Coyote malware abuses Windows accessibility framework for data theft

A new variant of the banking trojan ‘Coyote’ has begun abusing a Windows accessibility feature, Microsoft’s UI Automation framework, to identify which banking and cryptocurrency exchange sites are accessed on the device for potential credential theft. …
Read More

Continue Reading
Microsoft

Microsoft Server Software Comes Under Widespread Cyberattack

Breadcrumb Trail Links Home PMN Business Share this Story : Microsoft Rushes to Stop Hackers from Wreaking Global Havoc Copy Link Email X Reddit Pinterest LinkedIn Tumblr Microsoft Rushes to Stop Hackers from Wreaking Global Havoc Hackers exploited a security flaw in common Microsoft Corp. software to breach governments, businesses and other organizations across the

Published 3 weeks ago in
Microsoft Server Software Comes Under Widespread Cyberattack

Microsoft Rushes to Stop Hackers from Wreaking Global Havoc

Hackers exploited a security flaw in common Microsoft Corp. software to breach governments, businesses and other organizations across the globe and steal sensitive information, according to officials and cybersecurity researchers.

Bloomberg News
Jake Bleiberg, Jane Lanhee Lee and Ryan Gallagher
Published Jul 20, 2025

Last updated Jul 21, 2025

4 minute read
Join the conversation

A Microsoft signage in New York, US, on Friday, Oct. 25, 2src24. Microsoft Corp. is scheduled to release earnings figures on October 3src. Photographer: Jeenah Moon/Bloomberg
A Microsoft signage in New York, US, on Friday, Oct. 25, 2024. Microsoft Corp. is scheduled to release earnings figures on October 30. Photographer: Jeenah Moon/Bloomberg Photo by Jeenah Moon /Bloomberg

(Bloomberg) — Hackers exploited a security flaw in common Microsoft Corp. software to breach governments, businesses and other organizations across the globe and steal sensitive information, according to officials and cybersecurity researchers.

Microsoft over the weekend released a patch for the vulnerability in servers of the SharePoint document management software. The company said it was still working to roll out other fixes after warnings that hackers were targeting SharePoint clients, using the flaw to enter file systems and execute code.

Story continues below

Multiple different hackers are launching attacks through the Microsoft vulnerability, according to representatives of two cybersecurity firms, CrowdStrike Holdings, Inc. and Google’s Mandiant Consulting.

Hackers have already used the flaw to break into the systems of national governments in Europe and the Middle East, according to a person familiar with the matter. In the US, they’ve accessed government systems, including ones belonging to the US Department of Education, Florida’s Department of Revenue and the Rhode Island General Assembly, said the person, who spoke on condition that they not be identified discussing the sensitive information.

Representatives of the Department of Education and Rhode Island legislature didn’t respond to calls and emails seeking comment Monday. A Florida Department of Revenue spokesperson, Bethany Wester Cutillo, said in an email that the SharePoint vulnerability is being investigated “at multiple levels of government” but that the state agency “does not comment publicly on the software we use for operations.”

Story continues below

The hackers also breached the systems of a US-based health-care provider and targeted a public university in Southeast Asia, according to a report from a cybersecurity firm reviewed by Bloomberg News. The report doesn’t identify either entity by name, but says the hackers have attempted to breach SharePoint servers in countries including Brazil, Canada, Indonesia, Spain, South Africa, Switzerland, the UK and the US. The firm asked not to be named because of the sensitivity of the information. 

In some systems they’ve broken into, the hackers have stolen sign-in credentials, including usernames, passwords, hash codes and tokens, according to a person familiar with the matter, who also spoke on condition that they not be identified discussing the sensitive information.

“This is a high-severity, high-urgency threat,” said Michael Sikorski, chief technology officer and head of threat intelligence for Unit 42 at Palo Alto Networks Inc. 

“What makes this especially concerning is SharePoint’s deep integration with Microsoft’s platform, including their services like Office, Teams, OneDrive and Outlook, which has all the information valuable to an attacker,” he said. “A compromise doesn’t stay contained—it opens the door to the entire network.” 

(Bloomberg) — Hackers exploited a security flaw in common Microsoft Corp. software to breach governments, businesses and other organizations across the globe and steal sensitive information, according to officials and cybersecurity researchers.

Microsoft over the weekend released a patch for the vulnerability in servers of the SharePoint document management software. The company said it was still working to roll out other fixes after warnings that hackers were targeting SharePoint clients, using the flaw to enter file systems and execute code.

Story continues below

Multiple different hackers are launching attacks through the Microsoft vulnerability, according to representatives of two cybersecurity firms, CrowdStrike Holdings, Inc. and Google’s Mandiant Consulting.

Hackers have already used the flaw to break into the systems of national governments in Europe and the Middle East, according to a person familiar with the matter. In the US, they’ve accessed government systems, including ones belonging to the US Department of Education, Florida’s Department of Revenue and the Rhode Island General Assembly, said the person, who spoke on condition that they not be identified discussing the sensitive information.

Representatives of the Department of Education and Rhode Island legislature didn’t respond to calls and emails seeking comment Monday. A Florida Department of Revenue spokesperson, Bethany Wester Cutillo, said in an email that the SharePoint vulnerability is being investigated “at multiple levels of government” but that the state agency “does not comment publicly on the software we use for operations.”

Story continues below

The hackers also breached the systems of a US-based health-care provider and targeted a public university in Southeast Asia, according to a report from a cybersecurity firm reviewed by Bloomberg News. The report doesn’t identify either entity by name, but says the hackers have attempted to breach SharePoint servers in countries including Brazil, Canada, Indonesia, Spain, South Africa, Switzerland, the UK and the US. The firm asked not to be named because of the sensitivity of the information. 

In some systems they’ve broken into, the hackers have stolen sign-in credentials, including usernames, passwords, hash codes and tokens, according to a person familiar with the matter, who also spoke on condition that they not be identified discussing the sensitive information.

“This is a high-severity, high-urgency threat,” said Michael Sikorski, chief technology officer and head of threat intelligence for Unit 42 at Palo Alto Networks Inc. 

“What makes this especially concerning is SharePoint’s deep integration with Microsoft’s platform, including their services like Office, Teams, OneDrive and Outlook, which has all the information valuable to an attacker,” he said. “A compromise doesn’t stay contained—it opens the door to the entire network.” 

Trending

  1. Canadian steel has no ‘practical’ foreign markets beyond U.S., says Algoma CEO

    Algoma Steel

    Commodities

  2. Howard Levitt: The strike threat from Air Canada’s flight attendants is a moonshot — and unlikely to land

    An Air Canada flight prepares to land at Toronto Pearson International Airport in Mississauga, Ont.

    Work

  3. Story continues below

  4. What you need to know in the event of an Air Canada strike

    The Air Canada check-in kioks at the Calgary International Airport.

    Airlines

  5. ‘Worst jobs reading in three years’ raises odds of Bank of Canada rate cut next month

    jobs board

    Economy

  6. Posthaste: Did Ontario’s premier just try to mess with the Bank of Canada’s independence again?

    Doug Ford

    News

Advertisement

Tens of thousands — if not hundreds of thousands — of businesses and institutions worldwide use SharePoint in some fashion to store and collaborate on documents. Microsoft said that attackers are specifically targeting clients running SharePoint servers from their own on-premise networks, as opposed to being hosted and managed by the tech firm. That could limit the impact to a subsection of customers.

A Microsoft spokesperson declined to comment beyond an earlier statement.

“It’s a dream for ransomware operators,” said Silas Cutler, a researcher at Michigan-based cybersecurity firm Censys. He estimated that more than 10,000 companies with SharePoint servers were at risk. The US had the largest number of such firms, followed by the Netherlands, the UK and Canada, he said. 

The breaches have drawn new scrutiny to Microsoft’s efforts to shore up its cybersecurity after a series of high-profile failures. The firm has hired executives from places like the US government and holds weekly meetings with senior executives to make its software more resilient. The company’s tech has been subject to several widespread and damaging hacks in recent years, and a 2024 US government report described the company’s security culture as in need of urgent reforms.

Story continues below

The Center for Internet Security, which operates a cybersecurity information sharing system for state and local governments in the US, found more than 1,100 servers that are at risk from the SharePoint vulnerability, said Randy Rose, the organization’s vice president of security operations and intelligence. Rose said more than 100 were likely hacked.

The Washington Post reported that the breach had affected US federal and state agencies, universities, energy companies and an Asian telecommunications company, citing state officials and private researchers.

Eye Security was the first to identify that attackers were actively exploiting the vulnerabilities in a wave of cyberattacks that began on Friday, said Vaisha Bernard, the company’s chief hacker and co-owner.

Eye Security said the vulnerability allows hackers to access SharePoint servers and steal keys that can let them impersonate users or services even after the server is patched. It said hackers can maintain access through backdoors or modified components that can survive updates and reboots of systems.

Story continues below

The SharePoint vulnerabilities, known as “ToolShell,” were first identified in May by researchers at a Berlin cybersecurity conference. In early July, Microsoft issued patches to fix the security holes, but hackers found another way in.

“There were ways around the patches,” which enabled hackers to break into SharePoint servers by tapping into similar vulnerabilities, said Bernard. “That allowed these attacks to happen.” The intrusions, he said, were not targeted and instead were aimed at compromising as many victims as possible. After scanning about 8,000 SharePoint servers, Bernard said he has so far identified at least 50 that were successfully compromised.

He declined to identify the identity of organizations that had been targeted, but said they included government agencies and private companies, including “bigger multinationals.” The victims were located in countries in North and South America, the EU, South Africa, and Australia, he added.

—With assistance from Lynn Doan, Cameron Fozi, Daniel Cancel, Aashna Shah, Jane Lanhee Lee and Patrick Howell O’Neill.

(Updates with additional information beginning in third paragraph.)

Comments
You must be logged in to join the discussion or read more comments.
Create an AccountSign in
Join the Conversation

Postmedia is committed to maintaining a lively but civil forum for discussion. Please keep comments relevant and respectful. Comments may take up to an hour to appear on the site. You will receive an email if there is a reply to your comment, an update to a thread you follow or if a user you follow comments. Visit our Community Guidelines for more information.

Read More

Continue Reading