Microsoft Reports Ransomware Used in SharePoint Hackers' Attack
By Ainvest
Wednesday, July 23, 2025, 11:31 pm ET | 1 min read
Microsoft has reported that hackers involved in a cyberespionage campaign against its SharePoint servers have now started using ransomware. This marks a potential escalation in the campaign, which has been targeting US tech companies. The hackers initially used the SolarWinds Orion platform to access SharePoint servers. Microsoft has taken steps to mitigate the issue and has provided guidance to users on how to protect their systems.
The hackers are exploiting a critical zero-day vulnerability, CVE-2025-53770, in Microsoft SharePoint. This flaw allows attackers to execute remote code without authentication, potentially leading to data exfiltration and malware deployment. Microsoft has released patches for the vulnerabilities, but many organizations remain vulnerable due to delayed patching or incomplete mitigation [1].
The vulnerability has been actively exploited in a global cyber espionage campaign, impacting over 100 organizations. Upon successful exploitation, attackers can steal cryptographic keys, gain persistent access, and bypass traditional security controls. The US nuclear weapons agency, the National Nuclear Security Administration, was among those breached in the hack of Microsoft SharePoint document management software [3].
Microsoft has warned that even organizations that don't use SharePoint directly are at risk, as compromised SharePoint servers can act as launchpads for supply chain attacks. The company has recommended applying emergency updates for SharePoint, rotating machine keys, and monitoring server activity for unusual behavior [1].
The use of ransomware in this campaign indicates a shift in tactics by the hackers. Ransomware can encrypt critical business data and demand payment for its release, potentially causing significant financial and operational disruption. This escalation underscores the need for organizations to prioritize cybersecurity and follow best practices for patch management and secure configurations.
References
[1] https://es.blog.barracuda.com/2025/07/22/cybersecurity-threat-advisory-microsoft-sharepoin-zero-day-vulnerability
[2] https://www.benzinga.com/markets/tech/25/07/46512850/microsoft-sounds-alarm-on-active-cyberattacks-targeting-sharepoint-thousands-of-us-government-servers-may-be-at-risk
[3] https://www.bloomberg.com/news/articles/2025-07-23/us-nuclear-weapons-agency-breached-in-microsoft-sharepoint-hack
