A significant cyberattack targeting Microsoft SharePoint server software has triggered global concern among security agencies and businesses, with suspicions pointing to a single threat actor orchestrating the assault. Over the weekend, Microsoft issued a critical security alert regarding “active attacks” on on-premise SharePoint servers, extensively used by organizations and government bodies for internal document management. The company clarified that SharePoint Online, part of the Microsoft 365 cloud suite, remains unaffected by this “zero-day” vulnerability, previously unknown to cybersecurity experts.
Security experts suggest that the consistency of the attacks indicates a single entity behind the campaign. Identical digital payloads observed across various targets support this theory. Microsoft has released security updates to address the flaw, urging users to install the patches immediately. However, experts warn that simply deploying these patches might not suffice, as the attack suggests a broad level of server compromise worldwide.
With over 8,000 SharePoint servers potentially exposed, including those of major industrial companies, financial institutions, healthcare providers, and government organizations, the scope of the breach is extensive. The attacker’s identity remains unknown, while the FBI is collaborating with federal and private sector entities to assess the situation. The UK’s National Cyber Security Centre has yet to comment publicly, as reports suggest the campaign could have far-reaching geopolitical impacts.
