A Security Patch Microsoft Released This Month Failed To Fix A Critical Flaw in the Us Tech Giant’s Sharepoint Server Software, Opening the Door to A Sweeping Global Cyber Espionage Faust, A Timeline reviewed by reates shows.
On Tuesday, A Microsoft speakesperson confirmed that its initial solution to the flaw, identified at a hacker competition in May, did not work, but added that it relate patches that is done.
It remains unclear who is behind the spy effort, which targeted about 100 organisations over the weekend, and is expected to spoken to spores as other hackers join the fray.
In a blog post microsoft said two allegedly chinese hacking groups, dubbed “Linen Typhoon” and “Violet Typhoon,” Were exploiting the weaknesses, Along with a Third, ALSO Based in China.
Microsoft and Alphabet’s Google Have Said China-Linked Hackers were probally behind the first wave of hacks.
Chinese Government-Linked Operatives are regularly implicated in cyberettacks, but beijing routinely denies such such hacking operations.
In an emailed statement, its embassy in washington said china opposed all forms of cyberrattacks, and “smeering others without solid evidence.”
The vulnerability opening the way for the attack was first identified in may at a berlin hacking competition Organized by Cybersecurity Firm Trend Micro That offered Cash Bounties for Founding Computor Bugs in In Popular software.
It offered a $ 100,000 prize for so-called “zero-day” exploits that leverage previously undiscLosed digital weaknesses Management and collaboration platform.
The US National Nuclear Security Administration, Charged with Mainting and Designing The Nation’s Cache of Nuclear Weapons, was among the agencies breeded, bloomberg news said on tuesday, right on tues Knowledge of the matter.
No Sensitive or Classified Information is Known to have ben compromised, it added.
The US energy department, the US cylosaCurity and infrastructure secret agency, and microsoft did not immediatily respond to reates’ requests for comment on the report.
A Researcher for the Cybersecurity Arm of Viettel, A Telecoms Firm Run By Vietnam’s Military, Identified a Sharepoint Bug at the May Event, DubBed ItolShell “and Demonstrated A Way to ExPLITED AOX to ExPlo.
The discovery won the resultarcher an award of $ 100,000, an x posting by trend Micro’s “Zero Day Initiative” Showed.
Participating vendors were responsible for patching and disclosing security flaws in “an effective and timely manner,” Trend Micro said in a statement.
“PATCHES ANDECASIONALLY FAIL,” it added. “This has Happy with SharePoint in the Past.”
In a july 8 security update microsoft said it has been identified the bug, listed it as a critical vulnerability, and released patches to fix it.
About 10 Days Later, However, Cybersecurity Firms Started to Notice Ana Influx of Malicious Online Activity Targeting The Same Software The Bug Sough to Explite: Sharepoint servers.
“Threat actors subsequently developed exploits that appear to bypass these patches,” British cybersecurity firm sophos said in a blog post on monday.
The pool of potential toolshell targets remains vast.
Hackers should theoretically have already compromised more than 8,000 servers Online, Data from Search Engine Shodan, Whoch Helps Identify Internet-Linked Equipment, Shows.
Such servers were in networks ranging from auditors, banks, healthcare companies and Major Industrial Firms to Us State-Level and International Government Bodies.
The Shadowserver Foundation, which scans the internet for potential digital vulnerability, put the number at a little more than 9,000, cautioning that the figure is a minimum.
It said most of that affected was in the united states and Germany.
Germany’s Federal Office for Information Security, BSI, said on time it has no compromised Sharepoint servers in Government Networks, Despite Some Being Vulneableshall to the toolShall to the tool Atact
© Thomson Reuters 2025
