Victims worldwide have been left to scramble to respond as tens of thousands of such servers are at risk, experts said, and Microsoft has issued no patch for the flaw.
This attack is only the latest cybersecurity embarrassment for Microsoft. Last year, the company was criticized by a panel of U.S. government and industry experts for lapses that allowed a 2023 targeted Chinese hack of U.S. government emails, including those of then-Commerce Secretary Gina Raimondo.
This most recent attack compromises only those servers housed within an organization – not those in the cloud, such as Microsoft 365, officials told the Post. Microsoft has suggested that users make modifications to SharePoint server programs or unplug them from the internet in order to halt the breach.
"We are seeing attempts to exploit thousands of SharePoint servers globally before a patch is available," said Pete Renals, a senior manager with Palo Alto Networks' Unit 42. "We have identified dozens of compromised organizations spanning both commercial and government sectors.''
Such a breach can lead to theft of sensitive data as well as password harvesting, Netherlands-based research company Eye Security pointed out.
Another problem is it was not immediately clear who is behind the hacking or what its ultimate goal is. Eye Security said it has tracked more than 50 breaches, including at an energy firm in a large state and several European government agencies.
At least two U.S. federal agencies have seen their servers breached, according to researchers, who said victim confidentiality agreements prevent them from naming the targets.
One state official in the eastern U.S. said the attackers had "hijacked" a repository of documents provided to the public to help residents understand how their government works.
Such "wiper" attacks are rare, and this one left officials alarmed in other states as word spread.
The breaches took place after Microsoft repaired a security flaw earlier this month, but the attackers realized they could use a similar vulnerability, according to the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency.
CISA spokeswoman Marci McCarthy said the agency was alerted to the issue Friday by a cyber research firm and immediately informed Microsoft.
On Friday, Microsoft said it would stop using China-based engineers to back Defense Department cloud-computing programs after a report by investigative outlet ProPublica revealed the practice, which led Defense Secretary Pete Hegseth to order a review of Pentagon cloud deals.
Others that were breached included a government agency in Spain, a local agency in Albuquerque, and a university in Brazil, security researchers said.