
Microsoft servers under attack
What's the story
Hackers have exploited a critical vulnerability in Microsoft's widely used server software, launching a global attack on government agencies and businesses. The breach has affected US federal and state agencies, universities, energy companies, and an Asian telecom firm. The attack specifically targeted SharePoint servers that provide platforms for sharing and managing documents.
Ongoing probe
Tens of thousands of servers at risk
The US government, along with its partners in Canada and Australia, is probing the compromise of SharePoint servers. Experts have warned that tens of thousands of such servers are at risk. Despite the severity of this "zero-day" attack, so called because it exploited a vulnerability that was previously unknown, Microsoft has not released a patch for the flaw.
Patch update
Patch released for one version of the software
After initially advising users to modify or disconnect SharePoint server programs from the internet, Microsoft released a patch for one version of the software yesterday. However, two other versions remain vulnerable as the company continues to develop a fix. Adam Meyers, SVP at cybersecurity firm CrowdStrike, warned that "anybody who's got a hosted SharePoint server has got a problem." "It's a significant vulnerability," he added.
Response efforts
FBI is investigating the situation
The Federal Bureau of Investigation (FBI) is aware of the situation and is working closely with federal government and private sector partners. Pete Renals, a senior manager at Palo Alto Networks's Unit 42, said they are witnessing attempts to exploit thousands of SharePoint servers globally before a patch becomes available. He added that dozens of compromised organizations have been identified across commercial and government sectors.
Data threat
Eye Security warned of sensitive data theft
The breach of SharePoint servers, which often link with Outlook email and Teams, poses a major risk. It could lead to the theft of sensitive data and password harvesting, according to a Netherlands-based research company, Eye Security. Even more concerning is that hackers have obtained keys that could allow them to re-enter even after a system is patched.
Global reach
Identity of hackers unclear
The identity of the hackers behind this global attack remains unclear. However, one private research firm has found them targeting servers in China and a state legislature in the eastern US. Eye Security has tracked over 50 breaches, including at an energy company in a large state and several European government agencies.
Breached agencies
Attackers 'hijacked' repository of documents meant for public understanding
At least two US federal agencies have been breached, researchers said. One state official in the eastern US said the attackers had "hijacked" a repository of documents meant for public understanding of government operations. The agency involved can no longer access this material, but it's unclear if it was deleted or not.
Past incidents
Microsoft halts China-based cloud support for Pentagon
Microsoft has previously faced criticism for releasing narrowly targeted fixes that leave similar vulnerabilities exposed. Over the past two years, the company has experienced several major security lapses, including breaches of its corporate networks and executive emails. A flaw in its cloud services also enabled China-linked hackers to access emails from US federal officials. Microsoft recently announced it would stop using China-based engineers to support the Pentagon's cloud computing projects. The move followed a ProPublica investigation that uncovered the practice.