Microsoft Reports Ransomware Used in SharePoint Hackers' Attack
By Ainvest
Wednesday, Jul 23, 2025 11:31 pm ET
Microsoft has reported that hackers involved in a cyberespionage campaign against its SharePoint servers have now started using ransomware. This marks a potential escalation in the campaign, which has been targeting US tech companies. The hackers initially used the SolarWinds Orion platform to access SharePoint servers. Microsoft has taken steps to mitigate the issue and has provided guidance to users on how to protect their systems.
The hackers are exploiting a critical zero-day vulnerability, CVE-2025-53770, in Microsoft SharePoint. This flaw allows attackers to execute remote code without authentication, potentially leading to data exfiltration and malware deployment. Microsoft has released patches for the vulnerabilities, but many organizations remain vulnerable due to delayed patching or incomplete mitigation [1].
The vulnerability has been actively exploited in a global cyberespionage campaign, impacting over 100 organizations. Upon successful exploitation, attackers can steal cryptographic keys, gain persistent access, and bypass traditional security controls. The US nuclear weapons agency, the National Nuclear Security Administration, was among those breached in the hack of Microsoft SharePoint document management software [3].
Microsoft has warned that even organizations that don't use SharePoint directly are at risk, as compromised SharePoint servers can act as launchpads for supply chain attacks. The company has recommended applying emergency updates for SharePoint, rotating machine keys, and monitoring server activity for unusual behavior [1].
The use of ransomware in this campaign indicates a shift in tactics by the hackers. Ransomware can encrypt critical business data and demand payment for its release, potentially causing significant financial and operational disruption. This escalation underscores the need for organizations to prioritize cybersecurity and follow best practices for patch management and secure configurations.
References
[1] https://es.blog.barracuda.com/2025/07/22/cybersecurity-threat-advisory-microsoft-sharepoin-zero-day-vulnerability
[2] https://www.benzinga.com/markets/tech/25/07/46512850/microsoft-sounds-alarm-on-active-cyberattacks-targeting-sharepoint-thousands-of-us-government-servers-may-be-at-risk
[3] https://www.bloomberg.com/news/articles/2025-07-23/us-nuclear-weapons-agency-breached-in-microsoft-sharepoint-hack
