Washington: Microsoft has issued an alert warning of “active attacks” targeting server software used by government agencies and organizations to share documents internally. The company has recommended that customers apply security updates immediately to protect their systems.
The FBI confirmed on Sunday that it is aware of the ongoing attacks and is collaborating closely with federal and private sector partners, though no additional details were provided.
In an attack alert released on Saturday, Microsoft clarified that the vulnerabilities affect only on-premises SharePoint servers utilized within organizations. The company assured that SharePoint Online in Microsoft 365, which operates in the cloud, was not impacted.
A Microsoft spokesperson stated that the company has been working closely with agencies such as CISA and the DOD Cyber Defense Command, as well as other international cybersecurity partners. Microsoft has provided security updates and urged users to install these updates without delay.
The Washington Post, the first to report on the hacks, stated that unidentified actors have exploited a flaw over recent days to target both U.S. and international organizations and businesses. This type of attack, known as a “zero-day,” refers to a previously unknown vulnerability that hackers have used before manufacturers could develop a fix. Experts estimate that tens of thousands of servers could be vulnerable.
Microsoft explained that the exploited vulnerability enables an attacker to perform spoofing over a network. Spoofing involves disguising the attacker’s identity to appear as a trusted organization or individual, which could be used to manipulate financial markets or deceive agencies.
The company also announced that it is developing updates for the 2016 and 2019 versions of SharePoint. In the meantime, if organizations cannot immediately enable malware protection, they are advised to disconnect their servers from the internet until a security patch is available.