Particle.news

SharePoint Zero-Day Campaign Surpasses 400 Victims as Microsoft Releases New Fixes

Microsoft is coordinating with federal cybersecurity agencies to patch vulnerabilities, pursuing leads on additional threat actors

Microsoft signage is seen at the company's headquarters in Redmond, Washington, U.S., January 18, 2023. REUTERS/Matt Mills McKnight/File Photo

Overview

  • A critical zero-day vulnerability in on-premises SharePoint servers, dubbed "ToolShell", enabled hackers to steal credentials and maintain persistent access.
  • Eye Security reports more than 400 organizations across the U.S., Europe, the Middle East and Asia have been compromised, up from around 100 earlier this week.
  • Microsoft released comprehensive patches after its July 8 fixes were bypassed and urged all on-premises customers to apply the new updates immediately.
  • The company has attributed the operation to Chinese state-backed groups Linen Typhoon, Violet Typhoon and Storm-2603, while Beijing denies involvement.
  • U.S. agencies such as CISA and DoD Cyber Command are coordinating with Microsoft and private cybersecurity firms to contain the breach and pursue additional threat actor leads.