Market Impact: 0.6

Hackers have already compromised more than 400 organizations in ongoing Microsoft hacking spree

MSFT
Cybersecurity & Data Privacy, Technology & Innovation, Geopolitics & War, Infrastructure & Defense

More than 400 organizations, including the National Nuclear Security Administration, have been compromised through a critical vulnerability in Microsoft SharePoint servers, a substantial increase from earlier estimates. Microsoft attributes the exploitation, active since July 7, to at least three China-based hacking groups. Although a patch has been issued, researchers note that attackers are stealing machine keys, which enables persistent access. The threat is therefore ongoing and evolving for affected entities, raising concerns about continued espionage and ransomware risks.

Analysis

A critical vulnerability in Microsoft's on-premises SharePoint servers has been actively exploited since at least July 7, compromising over 400 organizations globally, a significant escalation from an initial estimate of 60. Microsoft has attributed the attacks to at least three China-based hacking groups, implicating state-sponsored actors and elevating the geopolitical risk associated with the breach. High-profile victims include the National Nuclear Security Administration, underscoring the severity of the security failure. While Microsoft has issued a patch, the threat persists because attackers have reportedly stolen machine keys, enabling potential re-entry into systems even after remediation. This creates a dual threat landscape: researchers anticipate continued exploitation by both nation-state actors for espionage and cybercriminals for ransomware deployment, posing a sustained risk to unpatched and even previously compromised entities.
