Subj : MS SharePoint attack now
To   : All
From : Mike Powell
Date : Fri Jul 25 2025 09:45 am

Microsoft SharePoint attack now sees victim count rises to 400 organizations,
including US nuclear agency

Date:
Thu, 24 Jul 2025 13:38:20 +0000

Description:
Microsoft SharePoint hack may be bigger than previously thought, experts warn.

FULL STORY

New estimates regarding the recently exploited Microsoft SharePoint
vulnerabilities suggest that as many as 400 organizations may have been
targeted.

The figure is a sharp increase from the original count of around 100, with
Microsoft pointing the finger at Chinese threat actors for the hacks, namely
Linen Typhoon, Violet Typhoon, and Storm-2603.

The victims are primarily US-based, and amongst them are some high-value
targets, including the National Nuclear Security Administration, the US
agency responsible for maintaining and designing nuclear weapons, Bloomberg
reports.

Ransomware deployed

So far, no sensitive or classified information is confirmed to have been
leaked, but the hackers have also seemingly broken into systems belonging to
national governments in Europe and the Middle East and to the US Education
Department, and the full extent of the repercussions won't be seen for a long
time yet, experts have warned.

Microsoft has confirmed that these security flaws, although now patched, were
used by the Chinese threat actor Storm-2603 to deploy ransomware, which
could cost the affected organisations millions.

"Microsoft tracks this threat actor in association with attempts to steal
MachineKeys using the on-premises SharePoint vulnerabilities," the company
shared in a report. "Starting on July 18, 2025, Microsoft has observed
Storm-2603 deploying ransomware using these vulnerabilities."

The vulnerability allows attackers to extract cryptographic keys from servers
run by Microsoft customers; these keys in turn let them install programmes on
the servers, including malware or backdoors that could allow the attackers to
return at a later date. This means that patching the vulnerability should be
a top priority for any organisation affected.

Microsoft did issue a patch for this vulnerability early on, but some
bypasses were identified, so customers were advised to be extra vigilant and
to deploy the Antimalware Scan Interface (AMSI) as well as antivirus software.
Since then, additional security updates have been rolled out to address the
issues.

China has repeatedly denied the accusation of cyber espionage, and a Chinese
embassy spokesperson told TechRadar Pro it hopes "relevant parties will adopt
a professional and responsible attitude when characterizing cyber incidents,
basing their conclusions on sufficient evidence rather than unfounded
speculation and accusations."

======================================================================
Link to news story:
https://www.techradar.com/pro/security/microsoft-sharepoint-attack-now-sees-victim-count-rises-to-400-organizations-including-us-nuclear-agency

--- SBBSecho 3.28-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)