Microsoft issued an alert about "active attacks" targeting its SharePoint server software, which is widely used by businesses and government agencies to share files.
The technology company is recommending that customers disconnect their servers from the internet until they can apply new security updates to protect against the breach.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said on Sunday that it is aware of the security breach.
RELATED STORY | Salt Typhoon hack targeted National Guard computer networks, DHS memo says
"This exploitation activity, publicly reported as 'ToolShell,' provides unauthenticated access to systems and enables malicious actors to fully access SharePoint content, including file systems and internal configurations, and execute code over the network," CISA said in a press release.
CISA also listed out some additional steps to take to reduce risks, including configuring Antimalware Scan Interface in SharePoint and deploy Microsoft Defender AV on all SharePoint servers.
Microsoft clarified that cloud-based SharePoint Online in Microsoft 365 was not affected by these attacks.
This story was reported on-air by a journalist and has been converted to this platform with the assistance of AI. Our editorial team verifies all reporting on all platforms for fairness and accuracy.
