
Massive Microsoft hack affects state and federal agencies

The company urged its customers to follow new security updates to fix a problem in a platform used by public and private organizations around the globe. "The risk is not theoretical," warned cybersecurity firm Eye Security, which explained that attackers could access "essential services" such as Outlook, Teams and OneDrive.

Microsoft logo (AFP)

Published by Santiago Ospital

A group of hackers exploited a security flaw in a Microsoft platform to attack both state and federal agencies. The company issued an alert Sunday citing "active attacks" and asking its customers to apply security updates immediately. The global attack reportedly began days ago and was still ongoing this Monday.

The technology company's statement also details that the program that was breached was the SharePoint platform, used by public and private organizations to manage and share documents. Specifically, the affected systems are the servers organizations run on their own premises, not the cloud-hosted version offered through Microsoft 365.

The Cybersecurity and Infrastructure Security Agency (CISA) issued a statement explaining that the "exploitation activity" allowed "malicious actors to fully access SharePoint content, including file systems and internal configurations, and execute code over the network."

According to Reuters, the Federal Bureau of Investigation (FBI) also said it was aware of the attacks and claimed it was working with public and private sectors. Microsoft itself maintained that it is working directly with the authorities.

Zero-day attack

Cybersecurity company Eye Security assures that it detected the attacks on Friday, logging one the same day and another the following day. "The risk is not theoretical," it warned, "once inside, they can access all SharePoint content, system files, and configurations and move laterally across the Windows Domain."

Specifically, the firm argued that attackers could gain access to "core services" such as Outlook mail, the Teams collaboration platform and OneDrive storage. Worse, it explained, they could also steal keys that would allow them to log back into the breached systems even after the server was patched.

The hack was dubbed a "zero-day" attack because it exploited a previously unknown vulnerability, according to a report by The Washington Post, the first outlet to report the news.

One researcher consulted by the newspaper said that both servers in China and a U.S. state legislature had been targeted by the hacks. Another pointed to a U.S. energy company and European government agencies. One more added two U.S. federal agencies to the list, and an NGO pointed to some public schools and universities.

Chinese engineers for the DOD

Just last Friday, the company said it had resolved another vulnerability in its services to the U.S. government.

The announcement came on the heels of a ProPublica report that uncovered that engineers in China were performing systems maintenance on DOD computer systems, an arrangement that had been in place for a decade. Although the Chinese experts were supervised from the United States, this oversight was "minimal," with supervisors who "often lack the technical expertise to police foreign engineers with far more advanced skills."

"Foreign engineers — from any country, including of course China — should NEVER be allowed to maintain or access DoD systems," Secretary Pete Hegseth wrote days after the revelation.

Microsoft claimed last week that it had fixed the problem. Its director of communications, Frank X. Shaw, posted on X that the company had made changes "to our support for US Government customers to assure that no China-based engineering teams are providing technical assistance for DoD Government cloud and related services."

"We remain committed to providing the most secure services possible to the US government," he said.