Global Cyberattack Targets Microsoft SharePoint Servers — U.S. Government Agencies Breached

A zero-day cyberattack exploiting a critical flaw in Microsoft SharePoint Server has compromised U.S. federal and state agencies, universities, energy firms, and entities worldwide, according to security officials and researchers.

🔒 Microsoft SharePoint server hack, key Details:

• The attack affects on-premises SharePoint servers, not cloud-based Microsoft 365.
• Microsoft has not yet issued a patch, prompting urgent mitigation efforts.
• Victims include government bodies in the U.S. and Europe, universities in Brazil, and an Asian telecom company.
• Hackers are believed to have stolen cryptographic keys, allowing potential future re-entry even after patches are applied.
• No confirmed attribution yet, but global targets include China and U.S. state legislatures.

💬 “Anybody who’s got a hosted SharePoint server has got a problem,” said Adam Meyers of CrowdStrike.
🔐 The U.S., Canada, and Australia are investigating the breach, while cybersecurity firms report over 50 confirmed compromises.

📉 The attack follows ongoing criticism of Microsoft’s handling of security flaws, including past breaches by China-linked actors.

Safety Tip: Organizations are advised to disconnect vulnerable servers from the internet and review internal access logs for suspicious activity.