A significant cybersecurity breach has hit federal agencies, universities, and businesses around the world after attackers exploited a critical flaw in Microsoft’s SharePoint server software. The attack, which began spreading in recent days, targeted on-premises SharePoint systems, software widely used to manage documents and internal communication across large organizations.
Security officials in the United States confirmed that multiple federal and state government systems were breached. Cybersecurity researchers say victims span sectors including energy, education, and telecommunications, with one confirmed breach at a major Asian telecom provider.
This vulnerability was what experts call a “zero-day” — an unknown flaw that attackers exploit before software developers have a chance to fix it. Microsoft did not immediately provide a patch for all affected versions of SharePoint, leaving thousands of systems worldwide at risk.
U.S., Canada, and Australia Launch Joint Response
The scope of the breach prompted coordinated investigations by government agencies in the U.S., Canada, and Australia. Microsoft eventually issued a fix for one version of SharePoint, but two others remain without updates. As of now, Microsoft has not provided a public statement addressing the ongoing threat.
Security professionals warn that systems running unpatched versions are especially vulnerable. SharePoint servers are often tightly connected with other enterprise systems like Microsoft Outlook and Teams, so a successful breach can grant attackers broader access to sensitive networks.
Researchers also found that the attackers were able to extract cryptographic keys, raising concerns that the hackers might be able to re-enter systems even after patches are installed. In essence, systems compromised before the fix may still be at risk despite being updated.
Breaches Reach Across the Public and Private Sector
While the full extent of the attack remains unclear, reports indicate that at least two U.S. federal agencies have been affected. A state government in the eastern U.S. lost access to a digital repository containing public information and resources. Officials there are now working to recreate those records elsewhere.
Researchers have identified over 50 separate breaches so far, involving government entities in Europe, an energy company in a large U.S. state, and servers in China. Victims also include a local agency in Albuquerque and a university in Brazil.
Though the majority of these attacks appear focused on data theft and credential harvesting, concerns have been raised about the potential for more destructive tactics. In some states, officials are on high alert for “wiper” attacks — efforts to delete or corrupt data — though such cases have not yet been widely reported.
Microsoft Under Scrutiny for Security Gaps
The attack adds to growing scrutiny of Microsoft’s cybersecurity practices. Just last year, a review panel criticized the company over a breach linked to China that compromised U.S. government emails, including those of high-level officials. That incident, like this one, involved an unaddressed vulnerability in Microsoft’s software.
Recently, Microsoft faced backlash after revelations that China-based engineers had been working on Pentagon cloud-computing programs. The company said it would end that practice following a report by ProPublica. The timing of that announcement, coming just days before the SharePoint flaw was exploited, has only intensified criticism.
Staffing Cuts and Funding Gaps Delay Response
Efforts to notify organizations about the SharePoint breach have been complicated by budget and staffing cuts. The Center for Internet Security (CIS), which supports state and local agencies in cyber defense, warned roughly 100 institutions — including schools and universities — that they may have been affected.
According to CIS officials, that notification process took longer than expected due to a 65% reduction in their incident response teams after recent federal budget cuts. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) confirmed it had been alerted to the vulnerability by a private cybersecurity firm and had contacted Microsoft immediately.
Though CISA currently lacks a Senate-confirmed director, agency officials say they have been working non-stop since the attack came to light.




