• MS SharePoint attack now

    From Mike Powell@1:2320/105 to All on Fri Jul 25 09:45:56 2025
    Microsoft SharePoint attack now sees victim count rises to 400 organizations, including US nuclear agency

    Date:
    Thu, 24 Jul 2025 13:38:20 +0000

    Description:
    Microsoft SharePoint hack may be bigger than previously thought, experts warn.

    FULL STORY

    New estimates regarding the recently-exploited Microsoft SharePoint vulnerabilities now evaluate that as many as 400 organizations may have been targeted.

    The figure is a sharp increase from the original count of around 100, with Microsoft pointing the finger at Chinese threat actors for the hacks, namely Linen Typhoon, Violet Typhoon, and Storm-2603.

    The victims are primarily US-based, and amongst these are some high-value targets, including the National Nuclear Security Administration - the US agency responsible for maintaining and designing nuclear weapons, Bloomberg reports.

    Ransomware deployed

    So far, no sensitive or classified information is confirmed to have been leaked, but the hackers have also seemingly broken into systems belonging to national governments in Europe and the Middle East, the US Education Department - and the full extent of the repercussions won't be seen for a long time yet, experts have warned.

    Microsoft has confirmed that these security flaws, although now patched, were used by the Chinese threat actor Storm-2603 to deploy ransomware - which could cost the affected organisation millions.

    "Microsoft tracks this threat actor in association with attempts to steal MachineKeys using the on-premises SharePoint vulnerabilities," the company shared in a report. "Starting on July 18, 2025, Microsoft has observed Storm-2603 deploying ransomware using these vulnerabilities."

    The vulnerability allows hackers to extract cryptographic keys from servers run by Microsoft clients; these keys in turn let them install programmes onto the servers - including malware or backdoors which could allow the hackers to return at a later date. This means that patching the vulnerability should be a top priority for any organisation affected.

    Microsoft did issue a patch for this vulnerability early on, but some bypasses were identified, so customers were advised to be extra vigilant and deploy Antimalware Scan Interface (AMSI) as well as antivirus software. Since then, additional security updates have been rolled out to address the issues.

    China has repeatedly denied the accusation of cyber espionage, and a Chinese embassy spokesperson told TechRadar Pro it hopes relevant parties will adopt a professional and responsible attitude when characterizing cyber incidents, basing their conclusions on sufficient evidence rather than unfounded speculation and accusations.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/microsoft-sharepoint-attack-now-sees-victim-count-rises-to-400-organizations-including-us-nuclear-agency

    --- SBBSecho 3.28-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)