Microsoft Corp.’s SharePoint server software is currently under active cyberattack from unknown hackers. Cybersecurity companies have warned that the breach has the potential to affect more than 10,000 organizations across the world. The US has the highest number of potentially affected companies, followed by the Netherlands, the UK, and Canada. Microsoft issued a patch to contain the attack and has vowed additional updates.
In the meantime, cybersecurity experts indicate the flaw provides full access to internal systems and code execution. US federal and state governments, energy companies, universities, and even an Asian telecommunication firm have been reportedly affected. The hack renews concerns about Microsoft’s cybersecurity culture, under criticism before.
Global Impact Feared
Cybersecurity experts have sounded warning bells about the possible extent of the attack. Silas Cutler, a Censys researcher, estimated that more than 10,000 companies with SharePoint servers are at risk. “It’s a dream for ransomware actors,” he warned. Threat actors will be expected to remain active over the weekend, taking advantage of the vulnerability.
The US Cybersecurity and Infrastructure Security Agency (CISA) verified the vulnerability. The agency explained that hackers were able to gain access to file systems, internal settings, and even run code remotely.
Real Threat, Active Exploitation
Palo Alto Networks warned that the exploit is not hypothetical. It has already begun showing up in the wild and is a serious threat. Google’s Threat Intelligence Group also saw live attacks. In a statement, Google stated that the vulnerability allows for “persistent, unauthenticated access.” The firm made it sound like a big risk for impacted organizations.
The Washington Post, quoting government officials and private experts, said the attack impacted federal and state governments in the U.S. It also struck universities, energy organizations, and an Asian telecom company.
Microsoft Responds, Again
Microsoft acknowledged the attack and stated it had delivered a new security patch. The patch affects SharePoint servers employed on-premises. The company asked its customers to install it as soon as possible. It further stated that additional fixes are in the pipeline.
The incident follows a series of security issues with Microsoft. In March, the company sounded a warning against Chinese hackers targeting cloud services and remote management software.
Continued Scrutiny of Microsoft Security
The White House-supported Cyber Safety Review Board has previously come down on Microsoft. It labelled the company’s security culture “inadequate” following a 2023 incident. The breach targeted 22 organisations and hundreds of users. Among the victims was former US Commerce Secretary Gina Raimondo.
Now, with another fresh breach emerging, Microsoft is again under pressure to beef up its cybersecurity infrastructure. The worldwide scale of the attack at this time makes it one of the gravest threats so far this year.
