Dozens of US government agencies and businesses are under attack following an unprecedented global hack on Microsoft servers.
Authorities are investigating after tens of thousands of SharePoint servers were compromised in the last few days, The Washington Post reports.
The platform is used to share and manage documents and remain at risk as Microsoft is yet to fix the flaw, per the outlet.
Users are being urged to take the servers offline or make changes to the SharePoint programs to protect themselves.
The cyber attack is currently not affecting servers housed on the cloud, such as Microsoft 365 and only impacts those housed within an organization.
The breach is classed as a ‘zero day’ attack as it targets a previously unknown vulnerability.
‘We are seeing attempts to exploit thousands of SharePoint servers globally before a patch is available,’ Pete Renals, a senior manager with Palo Alto Networks’ Unit 42 told the Washington Post.
Dozens of US government agencies and businesses are under attack following an unprecedented global hack on Microsoft servers
Authorities are investigating after tens of thousands of SharePoint servers were compromised in the last few days. Pictured: Microsoft Chairman and CEO Satya Nadella
‘We have identified dozens of compromised organizations spanning both commercial and government sectors.’
The hack is being investigated by the US government in partnership with officials in Australia and Canada. It is not yet clear who is responsible.
The compromised servers frequently connect to vital services such as Outlook email and Teams, sparking fears sensitive data and passwords have been obtained.
‘Microsoft is aware of active attacks targeting on-premises SharePoint Server customers exploiting a variant of CVE-2025-49706 which was addressed in July’s Update Tuesday,’ an alert to users on Saturday read.
‘This vulnerability has been assigned CVE-2025-53770. This vulnerability applies to on-premises SharePoint Servers only. SharePoint Online in Microsoft 365 is not impacted.
‘A patch has been made available to mitigate CVE-2025-53770 in SharePoint Subscription Edition which customers should apply immediately.’
Eye Security, a Netherlands-based company, told the Washington Post that the hackers may have gained access to keys which will allow them to hack again even after a fix, known as a patch, is issued.
‘Pushing out a patch on Monday or Tuesday doesn’t help anybody who’s been compromised in the past 72 hours,’ one researcher told the Washington Post.
The cyber attack is currently not affecting servers housed on the cloud, such as Microsoft 365 and only impacts those housed within an organization
The incident is the latest security breach for Microsoft, which was admonished for lapses in 2023 which allowed a Chinese hack of government emails, including those of former Commerce Secretary Gina Raimond.
Last year a cyberattack on SharePoint data also led to millions of Americans’ personal information being stolen by hackers who targeted a heath company.
A total of 4.3m users’ names, addresses, health history and social security numbers to dangerous actors were obtained after the attack on HealthEquity.
Daily Mail has contacted Microsoft for comment.
This is a breaking news story, check back for updates.
