Microsoft confirms Chinese hackers exploited a SharePoint flaw; Patches now available. Cloud-based Microsoft 365 not affected.

Threat actors exploit SharePoint flaws to access internal systems, steal sensitive data, and carry out surveillance, impersonation, and extortion.

Federal cybersecurity officials have issued a warning to Microsoft users about a security flaw allowing hackers to access to certain SharePoint systems.

Ransomware has officially entered the Microsoft SharePoint exploitation ring. Late Wednesday, in an update to its earlier warning, Redmond confirmed that a threat group it tracks as Storm-2603 is abusing vulnerable on-premises SharePoint servers to deploy ransomware.

The attacks appear to have escalated because Microsoft released incomplete patches for the initial vulnerabilities, according to Benjamin Harris, CEO of watchTowr. After researche

Microsoft recently patched two major flaws in SharePoint on-prem instances, but the effects could be long-lasting.

The attacks, discovered over the weekend, exploit a previously unknown vulnerability in the document-sharing software, prompting immediate action from both Microsoft and federal investigators. Newsweek reached out to Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA) via email for comment.

It issued an alert about “active attacks” targeting its server software and urged customers to install new security updates that have been released.

Researchers say Chinese actors, along with other criminal hackers, exploited a security flaw in SharePoint software widely used by governments and businesses.

A series of cyberattacks targeting Microsoft collaboration software, specifically SharePoint, have been linked to Chinese hackers and threat actors.

The path to a worldwide hacking campaign began with a contest for cash and a free laptop.