A significant zero-day attack targeting a previously unknown vulnerability in Microsoft’s widely used SharePoint software has hit government agencies, universities, energy companies, and businesses around the world.
The Washington Post reports that in a worrying development for global cybersecurity, unknown hackers have exploited a critical flaw in Microsoft’s SharePoint collaboration software, launching a far-reaching attack that has breached U.S. federal and state agencies, universities, energy companies, and an Asian telecommunications company. The attack, which began in the past few days, is being investigated by the U.S. government in partnership with Canada and Australia.
SharePoint, a platform used by organizations worldwide to manage and share documents, has tens of thousands of servers at risk. Microsoft has yet to issue a patch for the vulnerability, leaving victims scrambling to mitigate the breach. The company has suggested that users modify their SharePoint server programs or disconnect them from the internet as a temporary solution. Disconnecting SharePoint from the internet makes it practically useless, as its main purpose is to share and collaboration on files.
Cybersecurity experts have expressed grave concerns over the scale and potential impact of the attack. Adam Meyers, a senior vice president at CrowdStrike, stated, “Anybody who’s got a hosted SharePoint server has got a problem. It’s a significant vulnerability.” Pete Renals from Palo Alto Networks’ Unit 42 added, “We are seeing attempts to exploit thousands of SharePoint servers globally before a patch is available. We have identified dozens of compromised organizations spanning both commercial and government sectors.”
The breach has far-reaching implications, as SharePoint servers often connect to other core services like Outlook email and Teams. Hackers gaining access to these servers can lead to the theft of sensitive data and password harvesting. Researchers have also noted that the attackers have obtained keys that may allow them to regain entry even after systems are patched, further complicating the response to the incident.
The identity and ultimate goal of the hackers remain unclear at this stage. Private research companies have observed the attackers targeting servers in China, a state legislature in the eastern United States, and more than 50 other breaches, including those at European government agencies and an energy company in a large U.S. state.
At least two U.S. federal agencies have had their servers breached, according to researchers bound by victim confidentiality agreements. In one eastern U.S. state, the attackers “hijacked” a repository of public documents, preventing the agency from accessing the material. This type of “wiper” attack has left officials in other states alarmed as they assess potential vulnerabilities and share information.
The breaches occurred after Microsoft fixed a security flaw earlier this month, with the attackers exploiting a similar vulnerability. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) was alerted to the issue on Friday and immediately contacted Microsoft.
The SharePoint hack comes on the heels of an investigation that showed Microsoft has used Chinese engineers to service critical Pentagon systems under the cover of U.S. employees called “digital escorts.” The company has since promised to end the practice.
Read more at the Washington Post here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship.
