Overview
- A critical zero-day vulnerability in on-premises SharePoint servers, dubbed "ToolShell", enabled hackers to steal credentials and maintain persistent access.
- Eye Security reports more than 400 organizations across the U.S., Europe, the Middle East and Asia have been compromised, up from around 100 earlier this week.
- Microsoft released comprehensive patches after its July 8 fixes were bypassed and urged all on-premises customers to apply the new updates immediately.
- The company has attributed the operation to Chinese state-backed groups Linen Typhoon, Violet Typhoon and Storm-2603, while Beijing denies involvement.
- U.S. agencies such as CISA and DoD Cyber Command are coordinating with Microsoft and private cybersecurity firms to contain the breach and pursue additional threat actor leads.