Hackers exploited a security flaw in common Microsoft Corp. software to breach governments, businesses and othe
r organizations across the globe and steal sensitive information, according to officials and cybersecurity researchers.
Microsoft over the weekend released a patch for the vulnerability
in servers of the SharePoint document management software. The company said it was still working to roll out ot
her fixes after warnings that hackers were targeting SharePoint clients, using the flaw to enter file systems and execute code.
Multiple different hackers are launching attacks through the Microsof
t vulnerability, according to representatives of two cybersecurity firms, CrowdStrike Holdings, Inc. and Google’s Mandiant Consulting.
Hackers have already used the flaw to break into the systems of national governments in Europe and the Middle Ea
st, according to a person familiar with the matter. In the US, they’ve accessed government systems, including ones bel
onging to the US Department of Education, Florida’s Department of Revenue and the Rhode Island Gene
ral Assembly, said the person, who spoke on condition that they not be identified discussing the sensitive information.
Representatives of the Department of Education and Rhode Island legislature didn’t respond to calls and emails
Watch More Image Part 2 >>>
seeking comment Monday. A Florida Department of Revenue spokesperson, Bethany Wester Cutillo, said in an email tha
t the SharePoint vulnerability is being investigated “at multiple levels of government” but that the state agency “does not comment publicly on the software we use for operations.”
The hackers also breached the systems of a US-based health-care provider and targeted a public university in Sout
heast Asia, according to a report from a cybersecurity firm reviewed by Bloomberg News. The report doesn’t identify either entity by name, but says the hackers have attempted to breach SharePoint servers in c
ountries including Brazil, Canada, Indonesia, Spain, South Africa, Switzerland, the UK and the US. The firm asked not to be named because of the sensitivity of the information.
In some systems they’ve broken into, the hackers have stolen sign-in credentials, including usernames, passwords, hash codes and tokens, according to a person familiar with the matter, who also spoke on condition that they not be identified discussing the sensitive information.