Microsoft Detects Live Attacks on SharePoint Systems | Several.com
Hackers Use Microsoft Flaw To Hit Government Servers

Source: Bank Info Security

Published On: July 21, 2025

Microsoft has issued a high-priority cybersecurity alert, warning businesses and government agencies of ongoing attacks targeting SharePoint server software. The alert highlights that the threat focuses on on-premises versions of SharePoint, a widely used enterprise tool for document sharing and collaboration.

The company said it has observed active exploitation of a newly discovered vulnerability in SharePoint servers. The issue does not affect cloud-based SharePoint Online services included in Microsoft 365.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed that the exploit allows hackers to execute malicious code, gain access to file systems, and manipulate internal configurations of affected servers. A Microsoft spokesperson noted that the company has been “coordinating closely with CISA, DOD Cyber Defense Command, and key global cybersecurity partners throughout the response.”

Microsoft described the vulnerability as enabling a network spoofing attack, where authorized attackers can disguise themselves as legitimate users or systems. Spoofing can be used to steal sensitive data or impersonate internal users, potentially compromising operations or manipulating transactions.

The FBI confirmed that it is aware of the attacks and is “working closely with its federal and private-sector partners.” However, the bureau declined to provide additional details about the scope or attribution of the attacks.

Security analysts said this incident reflects a broader trend of attackers shifting focus from cloud infrastructure back to locally hosted servers, which tend to have more fragmented security oversight.

“This is exactly the kind of opening that advanced threat actors look for, an unpatched, high-value enterprise tool that many companies haven’t secured fully,” said one cybersecurity analyst familiar with the incident.

So far, the identity of the attackers remains unknown. However, past incidents of this scale have been attributed to nation-state actors, particularly those aligned with cyber espionage campaigns.

Microsoft emphasized that customers using SharePoint Online are not affected by the exploit. The attacks only impact on-premises deployments, which are often used by government agencies and large corporations for secure document management.

CISA and Microsoft both advised organizations to:

  • Review and apply the most recent SharePoint security updates
  • Monitor server traffic for suspicious activity
  • Isolate vulnerable servers from the internet if patching isn’t possible
  • Enable anti-malware and network-level protections
