Microsoft SharePoint server hack sees Chinese threat actor hit roughly 100 orgs - here's what we know so far
Date:
Tue, 22 Jul 2025 10:51:51 +0000
Description:
A recently discovered SharePoint security flaw has been exploited by threat actors.
FULL STORY
A cyberespionage campaign exploiting the recently revealed Microsoft
SharePoint issue has targeted roughly 100 organizations, compromising server software and primarily hitting government agencies in the US and Germany, experts have warned.
Google released a statement in which it attributed at least some of the
attacks to a China-Nexus threat actor, and warned against further expansion
of the threat.
Microsoft recently released urgent security patches to address a
zero-day vulnerability affecting SharePoint servers, which has been
abused in attacks since July 18, with victims reportedly including a private energy operator in California as well as a private fintech firm in New York.
China-Nexus threat actors
The attacks saw hackers extract cryptographic keys from servers that are run
by Microsoft clients. The keys would then let them install pretty much
anything - including malware or backdoors that hackers could use to return.
Only SharePoint versions that are hosted by the customer on-premises, rather than in the cloud, are vulnerable. These types of attacks could allow attackers to steal corporate secrets or install ransomware to encrypt key files.
"We assess that at least one of the actors responsible for this early exploitation is a China-nexus threat actor," said Charles Carmakal, chief technology officer of Google's Mandiant Consulting.
"It's critical to understand that multiple actors are now actively exploiting this vulnerability. We fully anticipate that this trend will continue, as various other threat actors, driven by diverse motivations, will leverage
this exploit as well," he continued.
Researchers say that so far, the attacks can be attributed to a single hacker or a set of hackers, rather than a large number - but there has been a broad range of targets, and a vast number of potential targets - with some researchers estimating up to 8,000 vulnerable servers.
Whilst the update should prevent new intrusions, users will also need to
rotate machine keys, search for any missed breaches, and deploy Antimalware Scan Interface (AMSI) as well as antivirus software.
======================================================================
Link to news story:
https://www.techradar.com/pro/security/microsoft-sharepoint-server-hack-sees-chinese-threat-actor-hit-roughly-100-orgs-heres-what-we-know-so-far
--- SBBSecho 3.28-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)