Hackers have launched a large-scale cyberattack exploiting a critical flaw in Microsoft’s widely used SharePoint Server software.
According to state officials, the breach has compromised US federal and state government agencies, universities, energy companies, and even telecommunications infrastructure in Asia.
The vulnerability lies in on-premises SharePoint servers—systems used internally to store and share documents—not in Microsoft’s cloud services like Microsoft 365, making them prime targets for attackers.
The flaw is being called a “zero-day” vulnerability, a new software vulnerability for which Microsoft has yet to produce a patch. Organizations had zero days to prepare, and the flaw opened up thousands of institutions to attack.
According to security researchers, the hackers have penetrated systems in over 50 organizations, including multiple European government agencies, an energy company in a large US state, and a university in Brazil.
In one eastern US state, attackers took control of a trove of documents designated for public disclosure, then held the trove in limbo so the agency could not pull the documents back and remove them.
Microsoft fails to issue a patch amid expanding breach
Microsoft confirmed the breach and posted an alert but said nothing publicly. The company has urged users to apply lockdown settings and remove exposed servers from the internet to mitigate exposure.
The Center for Internet Security, which works with local governments around the US, said it sent warnings to about 100 possibly affected organizations, including public schools and universities. The response was also hampered by recent funding cuts, which have slashed threat intelligence and response operations personnel by at least 60%.
Randy Rose, the vice president of the Center for Internet Security, said it took six hours on Saturday night to complete the notifications. He added that the process would have been much faster if their teams had not been cut.
CISA, currently led by its director nominee in an acting capacity while awaiting confirmation, has maintained that its staff have been working tirelessly. Marci McCarthy, a spokeswoman for the agency, said that no one had been asleep at the wheel.
Security failures spark rising scrutiny of Microsoft
The latest incident adds to a wave of concern about Microsoft’s ability to secure its software at a time when the company remains a primary technology supplier to governments in many parts of the world.
The Department of Homeland Security said the attackers may have pivoted from a previously patched SharePoint vulnerability. This underscores Microsoft’s repeated strategy of delivering narrowly focused fixes that fail to plug related holes yet to be exploited.
Information security professionals are concerned about the long-term implications of the breach. Once inside internal SharePoint servers, attackers have a path into sensitive workplace systems such as Outlook, Teams, and others. Certain hackers, it said, had stolen cryptographic keys that could be used to re-enter servers, even after patches have been installed.
One researcher involved in the response, who requested anonymity due to the ongoing federal investigation, cautioned that releasing a patch on Monday or Tuesday would not help anyone who had already been compromised in the past 72 hours.
Last year, a US government-designated panel criticized Microsoft for its handling of a targeted Chinese cyberattack on federal email systems, including messages generated by then-Commerce Secretary Gina Raimondo. In that case, the company said its cloud platform was exploited to access sensitive communications illegally.
The company faced fresh criticism last week after ProPublica reported that Microsoft had hired engineers in China to work on cloud projects connected to the US military. On Friday, Microsoft announced it would no longer employ engineers in China on Pentagon-related systems.
This article was written by: Nermeen Nabil Khear Abdelmalak
All rights reserved to: USAGoldMines. www.usagoldmines.com