A cyber-espionage campaign exploiting unpatched Microsoft SharePoint vulnerabilities has breached approximately 400 organizations worldwide, including the US National Nuclear Security Administration, according to Netherlands-based cybersecurity firm Eye Security. The figure represents a four-fold increase from 100 organizations cataloged over the weekend, with researchers calling it likely an undercount since not all attack vectors leave detectable artifacts.
Microsoft identified three Chinese groups — state-backed Linen Typhoon and Violet Typhoon, plus China-based Storm-2603 — as exploiting the vulnerabilities in on-premises SharePoint servers to steal authentication credentials and execute malicious code remotely. The campaign began July 7 and was first detected July 18 when Eye Security found unusual activity on a customer’s server. Victims include the US Energy Department, Education Department, Florida’s Department of Revenue, Rhode Island General Assembly, and European and Middle Eastern governments.
Read more of this story at Slashdot.