[ad_1]
A major cybersecurity breach exploiting a critical vulnerability in Microsoft’s SharePoint collaboration software has hit government agencies, businesses, and institutions across the globe, including U.S. federal and state agencies, universities, energy companies, and an Asian telecom provider, cybersecurity researchers confirmed.
The attack, described as a “zero-day” exploit due to its previously unknown vulnerability, has compromised on-premises SharePoint servers that organizations use for document management and collaboration. Microsoft 365 cloud services are reportedly unaffected, News.Az reports, citing The Washington Post.
According to cybersecurity firm CrowdStrike, “Anybody who’s got a hosted SharePoint server has got a problem. It’s a significant vulnerability,” said Adam Meyers, senior vice president of intelligence.
Initially advising users to unplug or modify their SharePoint servers, Microsoft released a patch for one software version on Sunday evening. However, two versions remain exposed while the company continues to work on fixes. Microsoft declined further comment.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), alongside Canadian and Australian counterparts, is investigating the attacks. “We are seeing attempts to exploit thousands of SharePoint servers globally before a patch is available,” warned Pete Renals, senior manager at Palo Alto Networks’ Unit 42.
Experts warn that the hackers have stolen cryptographic keys, enabling them to regain access to servers even after patches are applied. Netherlands-based Eye Security reported over 50 breaches, including European government agencies and a U.S. energy company.
One state official in the eastern U.S. confirmed that attackers hijacked a repository of public government documents. “We will need to make these documents available again in a different repository,” the official said.
At least two U.S. federal agencies and several international entities, including a Spanish government agency, a local agency in Albuquerque, and a university in Brazil, have been compromised. The full scale of the attack remains under investigation.
The FBI confirmed it is “working closely with federal and private sector partners,” while cybersecurity teams across states, including Arizona, are assessing potential risks and sharing intelligence.
This attack adds to Microsoft’s recent security woes. The company faced criticism in 2023 after a Chinese-linked hack compromised U.S. government emails, including those of then-Commerce Secretary Gina Raimondo. Most recently, Microsoft announced it would no longer use China-based engineers to support Defense Department cloud projects, following a ProPublica investigation.
Randy Rose, vice president of the Center for Internet Security, said his team notified 100 vulnerable organizations, including public schools and universities. However, resource cuts have slowed response efforts. “There is definitely a mad scramble across the nation right now,” one cybersecurity official noted.
[ad_2]
