In a Saturday alert, Microsoft clarified that the attacks are limited to on-premises SharePoint servers and do not affect SharePoint Online through Microsoft 365's cloud services.
The FBI confirmed on Sunday that it is aware of the situation and is collaborating with federal and private-sector partners, though it did not disclose further details.
The Washington Post, which first reported the hacks, said unidentified actors in the past few days had exploited a flaw to launch an attack that targeted U.S. and international agencies and businesses.
The hack is known as a "zero day" attack because it targeted a previously unknown vulnerability, the newspaper said, quoting experts. Tens of thousands of servers were at risk.
Microsoft did not immediately respond to a request for comment.
In the alert, Microsoft said that a vulnerability "allows an authorised attacker to perform spoofing over a network." It issued recommendations to stop the attackers from exploiting it.
In a spoofing attack, an actor can manipulate financial markets or agencies by hiding the actor's identity and appearing to be a trusted person, organisation or website.
Microsoft said on Sunday it issued a security update for SharePoint Subscription Edition, which it said customers should apply immediately.
It said it is working on updates to the 2016 and 2019 versions of SharePoint.
If customers cannot enable recommended malware protection, they should disconnect their servers from the internet until a security update is available, it said.
No comments:
Post a Comment