- Microsoft SharePoint vulnerability turns out to be incredibly attractive to hackers
- New estimates place the number of organizations affected at 400
- The hackers have deployed ransomware against some affected organizations
New estimates for the recently uncovered Microsoft SharePoint vulnerability suggest that as many as 400 organizations may have been targeted.
The figure is a sharp rise from the original count of about 100, with Microsoft pointing the finger at Chinese threat actors for the hacks, namely Linen Typhoon, Violet Typhoon and Storm-2603.
The victims are primarily US-based, and among them are some high-value targets, including the National Nuclear Security Administration, the US agency responsible for maintaining and designing nuclear weapons, Bloomberg reports.
Ransomware deployed
So far, no sensitive or classified information is confirmed to have been leaked, but the hackers have also apparently broken into systems belonging to national governments in Europe and the Middle East, as well as the US Education Department, and the full extent of the consequences will not be known for a long time, experts have warned.
Microsoft has confirmed that these security flaws, although now patched, were used by Chinese threat actor Storm-2603 to deploy ransomware, which could cost the affected organizations millions.
“Microsoft tracks this threat actor in association with attempts to steal MachineKeys using the on-premises SharePoint vulnerabilities,” the company shared in a report. “Starting on July 18, 2025, Microsoft has observed Storm-2603 deploying ransomware using these vulnerabilities.”
The vulnerability allows hackers to extract cryptographic keys from servers run by Microsoft clients. These keys in turn let them install programs on the servers, including malware or backdoors that could allow the hackers to return at a later date. This means that patching the vulnerability should be a top priority for any affected organization.
Microsoft released a patch for this vulnerability early on, but some gaps were identified, so customers were asked to be extra vigilant and to deploy the Antimalware Scan Interface (AMSI) as well as antivirus software. Since then, additional security updates have been rolled out to address the problems.
China has repeatedly denied allegations of cyber espionage, and a Chinese embassy spokesman told TechRadar Pro that “relevant parties will take a professional and responsible attitude when characterizing cyber events, basing their conclusions on sufficient evidence rather than unfounded speculation and accusations.”



