TZUTC: -0500   
   MSGID: 1267.consprcy@1:2320/105 2ce8d398   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   Microsoft SharePoint attack now sees victim count rises to 400 organizations,   
   including US nuclear agency   
      
   Date:   
   Thu, 24 Jul 2025 13:38:20 +0000   
      
   Description:   
   Microsoft SharePoint hack may be bigger than previously thought, experts warn.   
      
   FULL STORY   
      
   New estimates regarding the recently-exploited Microsoft SharePoint   
   vulnerabilities now evaluate that as many as 400 organizations may have been   
   targeted.    
      
   The figure is a sharp increase from the original count of around 100, with   
   Microsoft pointing the finger at Chinese threat actors for the hacks , namely   
   Linen Typhoon, Violet Typhoon, and Storm-2603.    
      
   The victims are primarily US based, and amongst these are some high value   
   targets, including the National Nuclear Security Administration - the US   
   agency responsible for maintaining and designing nuclear weapons, Bloomberg   
   reports.   
      
   Ransomware deployed    
      
   So far, no sensitive or classified information is confirmed to have been   
   leaked, but the hackers have also seemingly broken into systems belonging to   
   national governments in Europe and the Middle East, the US Education   
   Department - and the full extent of the repercussions wont be seen for a long   
   time yet, experts have warned.    
      
   Microsoft has confirmed that these security flaws, although now patched, were   
   used by the Chinese threat actor Storm-2603 to deploy ransomware - which    
   could cost the affected organisation millions.    
      
   "Microsoft tracks this threat actor in association with attempts to steal   
   MachineKeys using the on-premises SharePoint vulnerabilities," the company   
   shared in a report. "Starting on July 18, 2025, Microsoft has observed   
   Storm-2603 deploying ransomware using these vulnerabilities."    
      
   The vulnerability allows hackers to extract cryptographic keys from servers   
   run by Microsoft clients, these keys in turn let them install programmes onto   
   the servers - including malware or backdoors which could allow the hackers to   
   return at a later date. This means that patching the vulnerability should be    
   a top priority for any organisation affected.    
      
   Microsoft did issue a patch for this vulnerability early on, but some    
   bypasses were identified, so customers were advised to be extra vigilant and   
   deploy Antimalware Scan Interface (AMSI) as well as antivirus software .   
   Since, additional security updates have been rolled out to address the    
   issues.    
      
   China has repeatedly denied the accusation of cyber espionage, and a Chinese   
   embassy spokesperson told TechRadar Pro it hopes, relevant parties will adopt   
   a professional and responsible attitude when characterizing cyber incidents,   
   basing their conclusions on sufficient evidence rather than unfounded   
   speculation and accusations.   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/microsoft-sharepoint-attack-now-sees-vi   
   ctim-count-rises-to-400-organizations-including-us-nuclear-agency   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426