Global Microsoft Hack Targets Servers for U.S. and State Governments

What Happened?

An unknown hacker or hackers exploited a previously unidentified flaw in Microsoft server software to launch a worldwide attack on servers used by the U.S. and state governments. The attacks focused on SharePoint servers, which offer an online platform for document sharing.

Private cyber-security experts warned that thousands of servers around the world were at risk, and as of Monday Microsoft had not issued a patch for software vulnerability.

This style of attack is known as a ‘Zero-Day’ attack because there was no advance warning of the existing flaw in the software. 

Why it Matters

The attack and the slow response to release a patch is a major embarrassment for Microsoft and a continuing vulnerability for government and private agencies with SharePoint software on their servers. Thus far not only U.S. federal and state government agencies have been affected but also energy companies, universities, and an Asian telecommunications company have been impacted according to the Washington Post.

In a statement posted on Sunday, the Cybersecurity and Infrastructure Security Agency (CISA) said it was ‘aware of active exploitation of a new…vulnerability enabling unauthorized access to on-premise SharePoint servers.’ The federal agency added that the vulnerability allowed malicious actors to ‘access file systems and internal configurations and execute code over the network.’

Crypto whales have quietly accumulated $62 million worth of a single protocol in just 72 hours.

This is calculated accumulation by the smartest money in crypto... into a protocol that processes more transactions than most banks... holds more assets than entire hedge funds... and generates more fees than 99% of DeFi platforms.

Yet... this cryptocurrency still trades for a tiny fraction of what Bitcoin costs.

The math doesn't add up.

But smart money knows something retail investors don't.

Two catalysts are about to converge:

1. Major tokenomics upgrade that redirects $6 million annually to holders.

2. Institutional partnerships that could bring trillions in traditional assets on-chain.

When these hit, the current price will look like pocket change. 

Discover the protocol that crypto whales are secretly accumulating.

Microsoft issued a statement saying the vulnerability only impacts companies using Microsoft’s software to host their own servers, and customers relying on Microsoft’s 365 cloud services have not been affected. While that greatly reduces the number of potential public and private sector organizations affected, it still leaves tens of thousands of potential targets for hackers to exploit.

Microsoft also said it was working on updates to 2016 and 2019 versions of SharePoint and told customers if they cannot enable recommended malware protection, they should disconnect their servers from the internet until a security update is available. Which means affected organizations could face disruptions to their normal business flow until a patch is released, and Microsoft has given no indications when that might happen.

According to Bloomberg, Silas Cutler, a researcher at Michigan-based cybersecurity firm Censys, estimated that more than 10,000 companies with SharePoint servers were at risk. ‘It’s a dream for ransomware operators, and a lot of attackers are going to be working this weekend as well,’ Mr. Cutler said.

Law enforcement agencies were reportedly sharing information and working to identify who was responsible for the hack, but as of Monday they gave no indications they had identified the source.

How it Affects You

The rise in e-commerce in the past decade led to an increase in the volume of business conducted online. Which in turn created many new opportunities for hackers to engage in nefarious and illegal activities such as this most recent Microsoft hack. There are no indications yet whether this hack originated in the United States or abroad.