More than 90 U.S. states and local governments targeted using Microsoft SharePoint vulnerability

Hackers used a security flaw in Microsoft SharePoint to target more than 90 states and local government organisations in the United States, according to a U.S. group devoted to helping local authorities collaborate against hacking threats.

The nonprofit Center for Internet Security, which houses an information-sharing group for state, local, tribal, and territorial government entities, provided no further details about the targets, but said it did not have evidence that the hackers had broken through.

"None have resulted in confirmed security incidents," Randy Rose, the center's vice president of security operations and intelligence, said in an email.

At least 400 systems in 41 countries were targetted according to Netherlands-based cybersecurity firm Eye Security. The security group said more than 145 organisations were affected, and most of the U.S. targets were government departments.

According to experts, the hackers exploited weaknesses in on‑premises versions of Microsoft SharePoint, which many organisations use to store and share files. The security flaw allowed attackers to break in, steal data, and in some cases, install more dangerous software.

Microsoft and the U.S. government say they are working together to fix the problem and protect affected organisations.

According to reports, there were some major U.S. institutions which were also hit, including the National Nuclear Security Administration and Fermilab, which works on government science projects. Officials said no classified information was stolen, and systems were restored quickly.

Microsoft has urged all users of SharePoint Server to update their systems immediately. Those using older versions that are no longer supported should take them offline to avoid further risks.

Copied