Microsoft hack risk spreads as cybercriminals and nation-states pile in

A critical flaw in a major Microsoft document storage tool is hitting the organizations least able to defend themselves, security researchers and incident responders tell Axios. Why it matters: Schools, hospitals and government agencies are "sitting ducks" as they determine whether their servers have even been affected, one security executive said.Hackers are rushing into the breach, including groups linked to the Chinese government.Driving the news: Microsoft warned over the weekend of "active attacks" targeting a "zero-day" vulnerability in its on-premise SharePoint server. Today, the company said it has observed at least three China-based hacking groups, including two tied to the government, exploiting the vulnerability since as early as July 7. Charles Carmakal, CTO at Google's Mandiant, added that multiple threat groups are also now exploiting the bug.The Cybersecurity and Infrastructure Security Agency confirmed that attackers could exploit the bug to gain access to sensitive files or execute code remotely.At least one estimate puts the number of already compromised organizations near 100. The Washington Post reports that victims include state and federal agencies, universities, an energy company, and an Asian telecommunications firm."It's not one specific group that is going to be doing the hacking of this anymore," Michael Sikorski, CTO at Palo Alto Networks' Unit 42 threat intelligence team, told Axios. "Everybody's getting on the train." The big picture: Security teams will likely spend weeks, even months, unpacking the full scope of the breach and what damage is still to come.Researchers say the hackers have been stealing machine keys from targeted entities, which will allow them to keep breaking into the organizations even after they patch the SharePoint issue. "Because the attack blends in with just normal, legitimate activity, it's quite hard to detect what's unusual and what's atypical," Kayne McGladrey, a senior member of the Institute of Electrical and Electronics Engineers, told Axios. Zoom in: Sikorski said Unit 42 is actively working with Microsoft to notify affected entities, but many victims likely still don't know they've been hit."For those organizations that don't have a threat detection or red team capability built in, they are undoubtedly going to be at a longer time of risk for this because they just don't have the visibility," McGladrey said. Between the lines: The flaw mostly threatens legacy SharePoint systems still used by smaller public-sector entities and critical-infrastructure operators.Those organizations are unlikely to have the resources to quickly spin up their own investigations and response teams, Sikorski said."That's the scary part," Sikorski said. "Not only are they sitting ducks, but they don't have the capability to deal with it." The intrigue: While Microsoft released a patch Monday to fix the issue in all affected versions of SharePoint, even patched systems may not be fully safe if attackers already gained entry, stole machine keys or installed new backdoors.What's next: Security experts say the SharePoint hacking activity will likely unfold in waves.Opportunistic hackers, such as cybercriminal gangs, will race to exploit exposed servers, aiming to steal login credentials, plant backdoors and deploy ransomware.Meanwhile, stealthier groups, including nation-state actors, will burrow into high-value organizations for the long haul, quietly stealing sensitive data and setting up persistent access that could go undetected for months.Go deeper: Chinese hackers targeting SharePoint flaw for weeks, Microsoft says

Comments

World news

Homeland Security urges Americans to report former lovers to ICE: ‘From domestic abuser to deported loser’

Independent

Comments

Similar News

Microsoft accuses Chinese hackers of exploiting SharePoint software

Microsoft poaches top Google DeepMind staff in AI talent war

Microsoft’s SharePoint is being hacked by cyberattackers, FBI and CSE warn

US government agencies are under attack in widespread Microsoft hack

WPP names senior Microsoft boss Cindy Rose as new CEO

Outlook down: Microsoft issues statement after huge global Hotmail outage

Hotmail down: Millions hit by Microsoft Outlook 'glitch' - all we know

World news

Homeland Security urges Americans to report former lovers to ICE: ‘From domestic abuser to deported loser’

Hershey is raising the price of its candy bars over the high cost of cocoa

Newsmax star defends Alex Acosta’s sweetheart plea deal for Epstein — but ignores the network’s conflict of interest

Trump’s best hope to cool down Epstein fury may be for Hunter Biden to keep talking

Exclusive: Walmart reveals how it fights fakes on Marketplace

U.S. envoy Witkoff to meet Israeli, Qatari officials in Rome in Gaza ceasefire push

Rice’s late homer lifts Yankees over Blue Jays 5-4

Taxpayer-funded gift card purchases in Richmond stretch back to last decade

Not horsing around: Vancouver airport is 1st in Canada to feature therapy ponies

Thief allegedly drives off with vehicle just steps away from owner in Kelowna

B.C. couple asked to pay duties on family heirloom returned to them from U.S.

The Latest: Trump deflects questions about Epstein files and revives old grievances

Obama releases rare statement on ‘Russia-gate’ after Trump accuses him of ‘treason’

Trump administration wants $1.2 billion tent city at Texas Army base, country’s largest immigration detention center

Republican Congressman who voted against Trump’s bill now trying to fundraise off Epstein files

'The Osbournes' changed Ozzy's image from grisly to cuddly, and changed reality TV

Witkoff plans to visit the Mideast in push for Gaza ceasefire, State Department spokesperson says

AFP journalists sound alarm about dire conditions faced by hungry colleagues in Gaza

In-N-Out Burger CEO to join the list of high-profile business figures to leave California

Award-winning AP photographer Bob Daugherty captured history with speed and persistence

Trump says U.S. reached Japan trade deal with 15% tariffs

Thune prepares senators to work first August weekend

B.C. animal charity warns others after being victimized by sophisticated scam

Troubling details emerge about ex-boyfriend of victim in fatal Calgary shooting

Lethbridge sees sharpest crime severity index drop since 2000

Okanagan’s ‘jewel’ deemed deadliest lake in B.C., prompting safety reminder

Families of Air India crash victims are sent the WRONG bodies in glaring blunder

Ozzy Osbourne death: 'He was one of nature's good guys'

How Native Homes in New Mexico Are Tapping the Sun

Grizzlies Were Raiding Montana Farms. Then Came Some Formidable Dogs.

North Carolina’s Bogs Have a Dirty Secret, and That’s a Good Thing

Why This Pennsylvania City Put Its Streetlights on a Dimmer

Rip Current Survival Tips: What to Do if You Get Caught in One

Tornado alert pings Winnipeg phones, despite no warning for the area

Questions surround Calgary’s projected $175M surplus in 2025

Overflowing storm pond puts Calgary homes at risk of flooding

Report on Medicine Hat city council finds dysfunction, rancour, culture of fear

‘It’s almost door-closing’: Winnipeg businesses voice concern over vandalism, arson

Saskatchewan sees a decrease in Canada crime severity Index

Kids take over RCMP Depot as co-commanding officers for the day

How have 2025’s smoky skies in Saskatchewan affected Waskesiu?

China Starts Construction on World’s Largest Hydropower Dam

28 Countries Slam Israel’s ‘Inhumane Killing of Civilians’ in Gaza

Epstein breaks Congress

Who England could play in the final of Euro 2025

Lionesses roar into Euro 2025 final with last-gasp victory over Italy

Anti-Zelensky protest in Kyiv as Klitschko brothers join demonstrators

A heat dome and "corn sweat" are driving this week's dangerous heat wave

Zelensky neuters corruption watchdogs, sparking protests

U.S. Olympic committee bans trans women from competing in women's sports

England through to Women's Euros final after beating Italy in extra time

Councillor calls on Richmond mayor to voluntarily cap his pay

B.C. signs 2 more trade deals, this time with with Manitoba, Yukon

Coastal First Nations call on Carney to reject new B.C. pipelines

2 soldiers stabbed during brawl in Wainwright, Alberta RCMP investigating

Winnipeg Blue Bombers QB Zach Collaros practices, will play against Argonauts

Former Saskatoon Christian school leader found guilty of assaulting students

Researchers chase storms, study fist-sized stones in Alberta’s ‘Hailstorm Alley’

Teen arrested in stabbing death of 15-year-old near Vancouver’s Robson Square

Vancouver to allow liquor service until 4 a.m. downtown, extends hours elsewhere