A widespread cyber campaign exploiting vulnerabilities in Microsoft SharePoint has impacted over 90 state and local government entities in the United States, according to a nonprofit group supporting cybersecurity collaboration across regional agencies.
Incident Monitoring and Scope
The Center for Internet Security (CIS), which operates an information-sharing network for public sector organizations, confirmed that more than 90 governmental bodies were identified as targets. While the scale of the attempted exploitation raises concerns, CIS reported that no confirmed security breaches have been recorded to date. The targeted institutions include a range of state, municipal, tribal, and territorial authorities.
This surge in attacks aligns with global reports of increased exploitation of a SharePoint flaw first disclosed in May. Despite Microsoft issuing a patch, cybersecurity researchers have warned that the fix did not fully resolve the issue, allowing threat actors to exploit the loophole. Eye Security, a Netherlands-based firm, estimates at least 400 organizations globally have been compromised.
U.S. Energy Sector Also Affected
Among the institutions targeted was Fermilab, the U.S. Department of Energy’s national particle physics laboratory. The lab confirmed an attempted breach of its SharePoint systems but stated that the incident was contained quickly, with no sensitive data accessed. This adds to prior disclosures from the Department of Energy, which acknowledged that a small number of its systems had been impacted by the same vulnerability.
The Department has since reported that all affected systems are undergoing restoration and enhanced scrutiny.
Broader Implications of SharePoint Exploits
The rise in SharePoint-related attacks signals a troubling trend for public sector cybersecurity. Vulnerable software platforms remain a top target for cybercriminals seeking entry points into critical systems. The recurrence of incomplete patches and evolving exploit techniques highlights the need for robust incident detection, rapid patch management, and greater coordination between government agencies and cybersecurity firms.
