Massive Cyberattack on Microsoft Puts US Agencies and Energy Firms in Jeopardy

Dozens of US government agencies and businesses are facing a cyber attack after a global hack on Microsoft servers. Tens of thousands of SharePoint servers have been compromised, prompting investigations by authorities. The vulnerability in the platform remains unfixed by Microsoft, leaving users at risk.

The attack affects cloud-based services like Microsoft 365 and targets organizations using SharePoint programs. While at least two federal agencies have been breached, details are limited. The incident is classified as a 'zero day' attack, exploiting a previously unknown weakness.

Security experts have observed widespread attempts to exploit SharePoint servers globally. The US government, along with officials from Australia and Canada, is investigating the hack. Concerns arise over compromised servers connecting to essential services like Outlook email and Teams, potentially exposing sensitive data and passwords.

Microsoft acknowledges the active attacks on on-premises SharePoint Server customers and has issued a patch to address the vulnerability. However, there are fears that hackers may still have access to keys allowing further breaches even after the patch is applied. The Cybersecurity and Infrastructure Security Agency is collaborating with Microsoft to address the situation and advise affected organizations.

This security breach is the latest in a series of incidents involving Microsoft. The company has faced criticism for security lapses in the past, including a 2023 breach that exposed government emails to Chinese hackers. In a separate attack last year, millions of Americans' personal information was stolen from a health company's SharePoint data. Microsoft is yet to comment on the current cyber attack.