Tech giant Microsoft has raised the alarm over a serious cyberattack that is currently targeting SharePoint server software used by government agencies and businesses around the world. The company said the attacks are ongoing and urged all affected customers to apply the recommended security updates without delay.
In a security alert issued over the weekend, Microsoft explained that the attackers are focusing on SharePoint servers, which are used internally by organisations to store and share documents and files. According to the company, this latest cyberattack does not affect SharePoint Online, which is hosted on the Microsoft 365 cloud platform.
The Federal Bureau of Investigation (FBI) in the United States has also confirmed it is aware of the hacking activity. In a statement released on Sunday, the FBI said it is working closely with other government agencies and private sector stakeholders to address the situation, though no specific details were provided.
Microsoft described the breach as a “zero-day attack”, meaning that the hackers exploited a vulnerability that was previously unknown. This kind of attack is usually very dangerous because there are no existing patches or protections in place before the vulnerability becomes public knowledge.
The Washington Post was the first to report the incident and said unknown hackers had launched the attack in recent days. The newspaper quoted cybersecurity experts who revealed that tens of thousands of servers across the world may be at risk.
In its statement, Microsoft warned that the specific vulnerability allows an attacker to carry out a “spoofing” attack over a network. In simple terms, spoofing involves someone pretending to be a trusted user, system, or organisation in order to gain access to sensitive information, systems, or financial markets.
“This vulnerability allows an authorised attacker to perform spoofing over a network,” Microsoft said, adding that users must act fast to prevent any damage.
A Microsoft spokesperson said the company has been working “closely with CISA, the Department of Defense (DOD) Cyber Defense Command, and other global cybersecurity partners” to respond to the threat. CISA, short for the Cybersecurity and Infrastructure Security Agency, is a key U.S. agency in charge of defending against cyber threats.
The company advised all organisations still using SharePoint 2016 and SharePoint 2019 to apply security patches that have already been released. However, for those who are unable to enable malware protection or install the security updates right away, Microsoft strongly recommends that they disconnect their SharePoint servers from the internet until a solution is found.
“This is not something to take lightly. If you cannot protect your system, disconnect it,” the alert stated firmly.
Experts say this incident highlights how vulnerable even large institutions and governments can be to sophisticated cyberattacks, especially when they rely on older software systems that may not be frequently updated.
It is not yet clear who is behind the attacks. However, given the scale and nature of the operation, suspicions are high that it may involve well-resourced state actors or highly skilled hacking groups.
Cybersecurity specialists are now calling for better protection for public infrastructure and large organisations, especially in regions like Africa, where awareness and investment in cyber defense are still growing.
This latest warning follows several other high-profile cyberattacks in recent years that have affected hospitals, financial institutions, schools, and even election systems globally.
Nigerian IT experts are also urging local organizations and government agencies to take immediate steps to audit their systems and update all relevant software to reduce the risk of being affected by similar attacks.
As digital operations continue to expand, cybersecurity is becoming a crucial part of every organization’s strategy. Microsoft’s warning serves as a timely reminder that the digital world must always be guarded.
