Hackers are actively exploiting a zero-day vulnerability in Microsoft SharePoint servers, with early attacks primarily targeting government organizations, according to researchers and recent reports.
Over the weekend, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert about the bug, urging organizations to take immediate action. The vulnerability, which affects on-premise versions of SharePoint, allows attackers to gain unauthorized access. Microsoft has not yet released a full patch for the flaw.
“It looks like initial exploitation was against a narrow set of targets — likely government-related,” said Silas Cutler, principal researcher at cybersecurity firm Censys, in a statement to TechCrunch. He added that while the initial wave of attacks appears limited, more widespread exploitation is expected as details about the vulnerability spread.
Censys estimates that 9,000 to 10,000 vulnerable SharePoint instances are currently exposed to the internet. Eye Security, which first identified the bug, reported similar numbers and noted evidence of multiple compromised servers.
According to The Washington Post, the affected targets include U.S. federal and state agencies, universities, and energy companies, along with other commercial entities. Microsoft clarified that the vulnerability only impacts locally hosted SharePoint servers, not cloud-based versions, and urged administrators to apply mitigations or disconnect systems from the internet immediately.
The attacks are believed to be carried out by an advanced persistent threat (APT) group, likely tied to a government, based on the nature of the initial targets.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
