More than 90 state, local governments targeted using Microsoft SharePoint vulnerability, group says

The nonprofit Center for Internet Security provides no further details about the targets, but says it did not have evidence that the hackers had broken through

More than 90 state and local governments have been targeted using the recently revealed vulnerability in Microsoft server software, according to a US group devoted to helping local authorities collaborate against hacking threats.

The nonprofit Center for Internet Security, which houses an information-sharing group for state, local, tribal, and territorial government entities, provided no further details about the targets, but said it did not have evidence that the hackers had broken through.

“None have resulted in confirmed security incidents,” Randy Rose, the center’s vice president of security operations and intelligence, said in an email.

A wave of hacks hit servers running vulnerable versions of Microsoft SharePoint this month, causing widespread concern. The campaign has claimed at least 400 victims, according to Netherlands-based cybersecurity firm Eye Security. Multiple federal government agencies are reportedly among the victims, and new ones are being identified every day.

On Wednesday, a spokesperson for one of the US Department of Energy’s 17 national labs said it was among those hit.

“Attackers did attempt to access Fermilab’s SharePoint servers,” the spokesperson said, referring to the US Fermi National Accelerator Laboratory. “The attackers were quickly identified, and the impact was minimal, with no sensitive or classified data accessed.” The Fermilab incident was first reported by Bloomberg.

The US Department of Energy has previously said the SharePoint security hack has affected “a very small number” of its systems – Rappler.com