- Microsoft SharePoint’s vulnerability is demonstrating incredibly attractive to hackers
- The new estimates place the number of organizations affected by 400
- Computer pirates have implemented ransomware against some affected organizations.
New estimates regarding Microsoft SharePoint Microsoft’s vulnerabilities recently exploited now evaluate that up to 400 organizations may have been attacked.
The figure is a strong increase in the original count of around 100, with Microsoft pointing to the finger at Chinese threat actors for hacks, namely the linen of linen, typhoon Violet and the storm-2603.
The victims are mainly based on the United States, and among these are some high -value objectives, including the National Nuclear Safety Administration, the US agency responsible for maintaining and designing nuclear weapons, Bloomberg information.
Deployed ransomware
Until now, it is confirmed that sensitive or classified information has not been leaked, but computer pirates have also apparently divided into systems that belong to national governments in Europe and the Middle East, the United States Department of Education, and the total extension of the repercussions will not be seen for a long time, experts have warned.
Microsoft has confirmed that these safety failures, although now patching, were used by the Chinese threat actor Storm -2603 to deploy ransomware, which could cost the organization affected millions.
“Microsoft tracks this threat actor in association with attempts to steal kachinekeys using local SharePoint vulnerabilities,” the company shared in a report. “As of July 18, 2025, Microsoft has observed Storm-2603 implementing ransomware using these vulnerabilities.”
Vulnerability allows computer pirates to extract cryptographic keys from servers executed by Microsoft customers, these keys in turn allow them to install programs on servers, including malware or rear doors that could allow computer pirates to return on a later date. This means that repairing vulnerability should be a priority for any affected organization.
Microsoft issued a patch for this vulnerability from the beginning, but some derivations were identified, so customers were advised to be more vigilant and implement the antimalware escape interface (AMSI), as well as the antivirus software. Since then, additional security updates have been implemented to address problems.
China has repeatedly denied the accusation of Ciber Espionage, and a spokesman for the Chinese embassy told Techradar Pro It Weuge: “The relevant parts will adopt a professional and responsible attitude by characterizing cyber incidents, based on their conclusions on sufficient evidence instead of infused speculation and accusations.”
