Microsoft (MS), an American information technology (IT) corporation, recommended an urgent security update after an attack occurred on the server software used by U.S. government institutions and corporations for internal document sharing.
According to the Washington Post (WP) on the 20th (local time), anonymous hackers targeted U.S. and international institutions and corporations in recent days, exploiting flaws in their security systems.
The Federal Bureau of Investigation (FBI) is aware of the attack and is reportedly working closely with federal institutions and partners in the institutional sector.
According to WP, U.S. federal and state government institutions, European Union (EU) government institutions, research institutions, universities, telecommunications companies, energy corporations, and government institutions from Brazil and Spain have been affected by this hacking incident. The media reported that at least two U.S. federal institutions' servers were breached.
MS stated it is closely cooperating with the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Defense (DOD) Cyber Command, and global cybersecurity partners. They emphasized that security patches have already been distributed and urged customers to use them immediately.
MS said the attack was limited to the SharePoint server used internally, and the cloud-based Microsoft 365's SharePoint Online was not affected.
Experts classify this hacking incident as a 'zero-day attack'. A zero-day attack refers to an attack on a security vulnerability that developers are unaware of. The industry believes that tens of thousands of servers are at risk due to this incident.
MS stated in a security alert that the vulnerability allowed 'authorized attackers to perform spoofing on the network.' A spoofing attack involves the attacker disguising themselves as a trusted individual or institution to deceive and gain access to information and systems.
MS is currently developing a security update for SharePoint versions 2016 and 2019, advising customers who cannot apply the recommended malware defense settings to keep their servers isolated from the internet until the security patch is provided.