* Hack exploits previously unknown flaw in SharePoint software
* Thousands of entities potentially now vulnerable to attack
* Around 100 different organizations compromised by hackers

(Adds comment from Netherlands-based researcher in paragraphs 3, 4, and 5. Adds comment from NCSC in paragraph 9.)
By James Pearson and Raphael Satter
WASHINGTON/LONDON, July 21 (Reuters) - A sweeping cyberespionage operation targeting Microsoft (MSFT) server software compromised about 100 different organizations as of the weekend, one of the researchers who helped uncover the campaign said Monday.
Microsoft on Saturday issued an alert about "active attacks" on self-managed SharePoint servers, which are widely used by government agencies and businesses to share documents within organizations. Dubbed a "zero day" because it leverages a previously undisclosed digital weakness, the hack allows spies to penetrate vulnerable servers and potentially drop a back door to secure continuous access to victim organizations.
Vaisha Bernard, the chief hacker at Eye Security, a Netherlands-based cybersecurity firm which discovered the hacking campaign targeting one of its clients on Friday, said that an internet scan carried out with the ShadowServer Foundation had uncovered nearly 100 victims altogether - and that was before the technique behind the hack was widely known.
"It's unambiguous," Bernard said. "Who knows what other adversaries have done since to place other back doors."
He declined to identify the affected organizations, saying that the relevant national authorities had been notified. The ShadowServer Foundation didn't immediately return a message seeking comment.
Another researcher said that, so far, the spying appeared to be the work of a single hacker or set of hackers.
"It's possible that this will quickly change," said Rafe Pilling, Director of Threat Intelligence at Sophos, a British cybersecurity firm.
Microsoft had "provided security updates and encourages customers to install them," a company spokesperson said in an emailed statement.
It was not clear who was behind the ongoing hack. The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners, but offered no other details. Britain's National Cyber Security Center said in a statement that it was aware of "a limited number" of targets in the United Kingdom.
According to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers.
Those servers include major industrial firms, banks, auditors, healthcare companies, and several U.S. state-level and international government entities.
"The SharePoint incident appears to have created a broad level of compromise across a range of servers globally," said Daniel Card of British cybersecurity consultancy PwnDefend. "Taking an assumed breach approach is wise, and it's also important to understand that just applying the patch isn't all that is required here."