Canada’s cybersecurity agency is issuing an alert over attacks it says are impacting Microsoft SharePoint servers, with a warning for organizations to act now to protect their information.
Microsoft issued an alert on Saturday that said the server software being targeted are self-hosted used by government agencies and businesses to share documents within their organizations.
The company has since clarified that SharePoint usage that runs off Microsoft servers are not impacted.
It also advised that security updates should be applied immediately.
The Cyber Centre is also urging companies to take various actions to reduce risks, including checking for a specific file in their servers.
“The Cyber Centre is aware of exploitation happening in Canada,” the Canadian Centre for Cyber Security wrote in a vulnerability alert.
“CVE-2025-53770 involves a deserialization of untrusted data in on-premises Microsoft SharePoint Servers allowing an unauthorised attacker to execute code over a network.”
Get breaking National news
Those who use SharePoint Online in Microsoft 365, which is in the cloud, have not been impacted.
Global News has reached out to the federal government and Communications Security Establishment Canada to inquire if any departments have been impacted.
Vaisha Bernard, the chief hacker at Eye Security, a Netherlands-based cybersecurity firm, which discovered the hacking campaign targeting one of its clients on Friday, said that an internet scan carried out with the Shadowserver Foundation had uncovered nearly 100 victims altogether – and that was before the technique behind the hack was widely known.
“It’s unambiguous,” Bernard said. “Who knows what other adversaries have done since to place other backdoors.”
He declined to identify the affected organizations, saying that the relevant national authorities had been notified.
The Shadowserver Foundation confirmed the 100 figure and said that most of those affected were in the United States and Germany and that the victims included government organizations.
The FBI said on Sunday that it was aware of the attacks and is working closely with federal and private-sector partners, but offered no other details.
The Washington Post, which first reported the hacks, said unidentified actors in the past few days had exploited a flaw to launch an attack that targeted U.S. and international agencies and businesses.
In the alert, Microsoft said a vulnerability “allows an authorized attacker to perform spoofing over a network.” It issued recommendations to stop the attackers from exploiting it.
— with files from Reuters
Comments