Microsoft SharePoint Hack Targets Thousands, Single Actor Suspected

A global cyberattack exploiting a previously unknown zero-day vulnerability in Microsoft SharePoint on-premises servers has compromised thousands of organizations worldwide, including government agencies, businesses, banks, healthcare providers, and industrial firms. Microsoft confirmed the attacks and issued critical security updates, urging immediate installation, while clarifying that SharePoint Online in Microsoft 365, the cloud version, remains unaffected. Cybersecurity experts, including those from Sophos, believe the coordinated campaign is likely orchestrated by a single actor, as attackers used identical payloads across targets, though this could evolve. The FBI is actively involved, collaborating with federal and private-sector partners, and authorities in the U.S. and internationally have been notified, but the identity of the perpetrators remains unknown. Researchers estimate that over 8,000 servers could already be compromised, with some reports indicating about 100 confirmed victims initially identified through scans. Experts warn that patching alone is insufficient, advising organizations to assume compromise and take comprehensive response measures to mitigate further damage.