US in trouble: government systems hacked due to Microsoft glitch

An unknown hacker group has exploited a security flaw in Microsoft's SharePoint platform, used for sharing and managing documents, to attack U.S. state and federal agencies, among other institutions.

This is a global attack that occurred days ago—and is still ongoing —and has also affected universities, energy companies, and an Asian telecommunications firm, The Washington Post reported Sunday, citing state officials and private investigators.

So far, according to the American press, Microsoft has not yet managed to correct the flaw, and both US and Canadian government agencies have had to act urgently to try to protect tens of thousands of at-risk servers.

A security breach of this type can lead to the theft of a huge amount of confidential data , as well as the acquisition and manipulation of passwords.

"After initially suggesting that users modify or simply disconnect their SharePoint server programs from the internet, the company released a patch for one version of the software late Sunday. Two other versions remain vulnerable, and Microsoft said it is continuing to work on a patch," The Washington Post reported.

The "Zero-Day" attack, as it has been dubbed, compromises only servers hosted within a specific organization , not those in the cloud like Microsoft 365.

Last year, a panel of US government experts criticized Microsoft for flaws that allowed a Chinese-led hacking attack on US government emails in 2023.