Skip to main content
Login
institutional access

You are connecting from
Lake Geneva Public Library,
please login or register to take advantage of your institution's Ground News Plan.

Published loading...Updated

Microsoft server hack has now hit 400 victims, researchers say

UNITED STATES, JUL 23 – Chinese state-sponsored hackers exploit unpatched Microsoft SharePoint flaws to deploy ransomware and steal data, rapidly increasing victims to over 400, including key U.S. government agencies.

  • Microsoft confirmed that the China-based group Storm-2603 began deploying Warlock ransomware via vulnerable on-premises SharePoint servers starting July 18, 2025.
  • The attacks exploited a zero-day vulnerability chain known as ToolShell, which includes critical flaws CVE-2025-53770 and CVE-2025-53771 that allow remote code execution and bypass security protections.
  • Storm-2603 uses tools like Mimikatz to steal credentials and moves laterally across networks by modifying Group Policy Objects to distribute ransomware across compromised systems.
  • More than 400 organizations, including US federal agencies such as the Department of Energy and the National Nuclear Security Administration, have been compromised in four waves of attacks.
  • Microsoft urges immediate patching of affected SharePoint versions and following mitigation guidance, warning that threat actors will continue exploiting unpatched on-premises servers.
Insights by Ground AI
Does this summary seem wrong?

61 Articles

Sud OuestSud Ouest
Center

Chinese Hackers Exploit a Security Flaw of a Widely Used Microsoft Software

Microsoft alerts about a security flaw in its SharePoint software, exploited by Chinese hackers to access sensitive data Several groups of Chinese hackers have exploited a

·France
Read Full Article
The HinduThe Hindu
+3 Reposted by 3 other sources
Lean Left

Risk highlighted as Chinese hackers hit Microsoft

Microsoft is at the centre of cybersecurity storm after China-linked hackers exploited flaws in SharePoint servers to target hundreds of organisations.

·India
Read Full Article
The RegisterThe Register
Center

Microsoft: SharePoint attacks now include ransomware

: Let the games begin

Read Full Article
CyberScoopCyberScoop
Center

Microsoft SharePoint attacks ensnare 400 victims, including federal agencies

The fallout from an attack spree targeting defects in on-premises Microsoft SharePoint servers continues to spread nearly a week after zero-day exploits were discovered, setting off alarms across the globe. More than 400 organizations have been actively compromised across four waves of attacks, according to Eye Security. Multiple government agencies, including the Departments of Energy, Homeland Security and Health and Human Services, have been …

Read Full Article
PC MagPC Mag
Lean Left

Microsoft SharePoint Flaw Is Being Abused to Spread Ransomware

It's not just data theft. A China-based hacking group is using a flaw in vulnerable SharePoint servers to deliver ransomware, Microsoft warns.

·United States
Read Full Article
QuartzQuartz
Center

Microsoft says the SharePoint hackers have escalated their attack with ransomware

Hackers have escalated their attack on SharePoint software with the use of ransomware, Microsoft said

·United States
Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 54% of the sources are Center
54% Center

Factuality 

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

Bloomberg broke the news in United States on Wednesday, July 23, 2025.
Sources are mostly out of (0)

Similar News Topics

Microsoft icon

Microsoft

Hacking icon

Hacking

Business icon

Business

Technology icon

Technology

Cybercrimes icon

Cybercrimes

Cyber Security icon

Cyber Security

United States icon

United States

News
For You
SearchBlindspotLocal