Technology giant Microsoft (MSFT) has issued an alert about “active attacks” on its server software used by government agencies and businesses around the world.
Seattle-based Microsoft said the attack could impact the ability to share documents within organizations, and recommended security updates that customers should apply immediately.
The hack on Microsoft’s server software is known as a “zero day” attack because it targets a previously unknown vulnerability. Tens of thousands of servers globally have been impacted.
The Federal Bureau of Investigation (FBI) issued its own statement, saying it is aware of the attacks and is working closely with its global partners to investigate the incident.
Microsoft says the attack applies only to SharePoint servers used within organizations. It said that SharePoint Online in Microsoft 365, which is in the cloud, was not affected by the attacks.
Media reports state that unidentified actors have exploited a flaw to launch an attack that targeted U.S. and international agencies and businesses.
Microsoft said that hackers are using a “spoofing” technique to hack the server software.
In a spoofing attack, a bad actor can manipulate financial markets or agencies by hiding the actor’s identity and appearing to be a trusted person, organization, or website.
The hack comes after Microsoft recently said that it is working on updates to 2016 and 2019 versions of SharePoint.
The company is recommending that customers enable recommended malware protection or disconnect their servers from the internet until a security update is available.
MSFT stock has risen 22% this year to trade at $510.05 U.S. per share.
Tech Insider
