Global hack on Microsoft SharePoint hits U.S., state agencies, researchers say

Scope of the SharePoint Hack

  • Thread centers on mass exploitation of an on‑premises SharePoint vulnerability (command injection leading to RCE via signed cookies).
  • Cloud versions (SharePoint Online / M365) are repeatedly noted as out of scope; the issue affects self‑hosted servers exposed to the internet.
  • Commenters highlight that many affected orgs likely had outdated, poorly maintained, internet‑facing SharePoint instances.

On‑Prem, Internet Exposure, and “Zero Trust”

  • Many are surprised anyone would run on‑prem SharePoint directly internet‑facing; they expected VPN‑only access.
  • Others argue VPNs are no longer enough, advocating “zero trust” models where every request is authenticated and encrypted, sometimes via brokers or reverse proxies.
  • There’s debate over whether these architectures truly reduce exposure versus just adding complexity and new single points of failure.

Speculation Around FBI / Epstein Files

  • Some point to reporting that Epstein/Maxwell files were distributed via loosely permissioned FBI SharePoint/Share drives.
  • A few speculate—without evidence—that the timing of disclosures might be linked; others treat this as coincidence or unclear.

Why SharePoint Is So Entrenched

  • Multiple comments: SharePoint is disliked, confusing, and historically fragile, but deeply integrated:
    • Backbone for OneDrive, Teams file storage, M365 Groups, and parts of Power Platform.
    • Tight integration with Exchange and Active Directory makes it the “default” for large orgs and governments.
  • Decision‑makers favor “nobody gets fired for buying Microsoft,” eDiscovery capabilities, and liability deflection over technical elegance.

Alternatives and the Linux/FOSS Debate

  • Alternatives mentioned: Nextcloud (+Collabora), Synology, various wikis/CMSs, Google Workspace, Zoho, Liferay, custom Git‑based setups.
  • Consensus: these can replace pieces (file sharing, docs, wikis) but not the full M365/SharePoint ecosystem, especially for legacy PowerApps/PowerAutomate workflows.
  • Long debate over whether Linux/FOSS would really be more secure:
    • Some argue monoculture and Microsoft’s incentive structure are the problem.
    • Others note FOSS also has severe CVEs (e.g., Log4j), and security is fundamentally about process and incentives, not just the OS.

Government, CISA, and DOGE/China Concerns

  • Anger that US agencies rely so heavily on Microsoft while cutting cybersecurity funding (CISA headcount reductions cited).
  • Strong criticism of Microsoft using China‑based engineers on DoD cloud programs; seen as obviously risky even if technically legal.
  • Several see this breach as part of a broader “war” in cyberspace, with US institutions under‑resourced and captured by cost‑cutting and outsourcing.