Hackers have carried out a large-scale attack on government agencies, universities, and energy companies in the United States, China, and several other countries by exploiting a critical vulnerability in Microsoft’s server software, according to The Washington Post.
U.S. authorities, in coordination with Canada and Australia, have launched an investigation into the incident, which targeted SharePoint—a platform used for collaborative document work. Experts interviewed by the newspaper confirmed more than 50 breaches. Victims include an energy company in one of the largest U.S. states, several government agencies in Europe, two American federal departments, a public institution in Spain, a local office in Albuquerque, and a university in Brazil.
The identity and motives of the attackers remain unknown. The Washington Post notes that in some cases data was deleted, but according to several cybersecurity firms, the primary objective was the theft of cryptographic keys, which allows persistent access to systems without detection.
According to officials, only on-premises SharePoint servers were affected. Cloud-based services, including Microsoft 365, were not compromised. Microsoft initially recommended disabling or reconfiguring the servers, but only released a security patch for one version of the software on the evening of July 20. Two other editions remain vulnerable. The company said it is continuing to work on a fix but declined further comment.
"This issue affected anyone hosting SharePoint servers on their own infrastructure," said Adam Meyers, senior vice president of threat intelligence at CrowdStrike.