- The Microsoft SharePoint vulnerability is incredibly attractive to hackers
- New estimates place the number of organizations affected at 400
- The hackers have deployed ransomware against some of the affected organizations
New estimates suggest that up to 400 organizations may have been targeted through the recently exploited Microsoft SharePoint vulnerabilities.
The figure is a sharp increase from the original number of approximately 100, with Microsoft pointing the finger at Chinese threat actors for the hacks, namely Linen Typhoon, Violet Typhoon and Storm-2603.
The victims are mainly based in the United States and include high-value targets such as the National Nuclear Security Administration, the US agency responsible for maintaining and designing nuclear weapons, Bloomberg reports.
Ransomware deployed
So far, no sensitive or classified information has been confirmed as disclosed, but the hackers have also apparently broken into systems belonging to national governments in Europe and the Middle East and to the US Department of Education, and experts have warned that the full extent of the fallout is not yet known.
Microsoft has confirmed that these security flaws, although now patched, have been used by the Chinese threat actor Storm-2603 to deploy ransomware, which could cost affected organizations millions.
“Microsoft tracks this threat actor in association with attempts to steal MachineKeys using on-premises SharePoint vulnerabilities,” the company said in a report. “Starting on July 18, 2025, Microsoft observed Storm-2603 deploying ransomware using these vulnerabilities.”
The vulnerability allows hackers to extract cryptographic keys from servers run by Microsoft customers. These keys in turn allow them to install programs on those servers, including malware or backdoors that could let the hackers return at a later date. This makes the vulnerability an absolute priority for any affected organization.
Microsoft issued a patch for this vulnerability early on, but bypasses were identified, so customers were urged to stay vigilant and to deploy the Antimalware Scan Interface (AMSI) as well as antivirus software. Since then, additional security updates have been released to address the issues.
China has repeatedly denied accusations of cyber-espionage, and a spokesperson for the Chinese embassy told TechRadar Pro that he hoped that “the parties concerned will adopt a professional and responsible attitude when characterizing cyber-incidents, basing their conclusions on sufficient evidence rather than speculation and unfounded accusations”.