Microsoft SharePoint Zero Day Vulnerability hits US Nuclear Program

Vulnerability Exposes Devices

The recently discovered zero-day vulnerability in Microsoft SharePoint has been escalating at an alarming rate, as more organizations fall prey to the cyber attack. According to findings from Microsoft Threat Intelligence, over 100 organizations—ranging from private companies to government entities—have been compromised by the vulnerability, including high-profile military organizations.

A particularly concerning report comes from the National Nuclear Security Administration (NNSA), which disclosed that its SharePoint 2019 Edition servers had been breached. These compromised servers have reportedly impacted sensitive operations, including the Navy’s nuclear submarine reactor programs. The attack’s ramifications are significant, as the breach has disrupted operations that are integral to the nation’s defense infrastructure.

Because the flaw is a zero-day, an attacker who exploits it to gain access to a SharePoint server can use that foothold to reach sensitive data and exfiltrate it to remote servers. This raises critical concerns about data security, especially when the affected systems belong to military and government agencies.

In particular, the risk is amplified for organizations like military agencies that oversee high-security systems—such as nuclear submarine reactors. These agencies hold sensitive information that could be invaluable to adversaries, and data exfiltrated from such systems could provide nation-state actors or advanced persistent threat (APT) groups with intelligence that threatens national security. The repercussions of such breaches could be devastating, potentially giving adversaries access to cutting-edge defense technology, operational blueprints, or classified military strategies.

No Classified Data Reported as Siphoned—Yet

While investigations into the attacks continue, reports have so far indicated that no classified information was compromised or exfiltrated. According to security experts, this could be due to the robust security measures of the Microsoft 365 cloud platform, which protect a significant portion of global computer networks. Nonetheless, the relief is only temporary: the vulnerability was exploited, and the affected systems remain exposed to future breaches.

Despite claims from Microsoft that patches have been rolled out to address the vulnerability, experts have raised doubts about the effectiveness of these fixes. It seems that while the company has worked to secure its systems, the zero-day flaw continues to affect organizations across the globe, signaling that the patch may not yet be fully effective in all cases.

Global Impact and Potential Scale of the Attack

The scope of the vulnerability’s impact has become clearer with the help of Shadowserver Foundation, an organization that monitors cyber threats and vulnerabilities. According to their findings, the zero-day attack has predominantly affected both public and private organizations in countries such as Germany and the United States. However, the full scale of the attack remains somewhat unclear—particularly concerning whether it is being executed by a single cybercriminal group or a coordinated effort between multiple threat actors.

The Shodan Research platform, which tracks connected devices across the web, offers a disturbing assessment of the attack’s reach. Their data suggests that more than 8,000 servers may have been impacted by the vulnerability. The affected servers span a broad range of industries, from healthcare and financial institutions to media companies and federal agencies. These sectors, each critical in its own right, are prime targets for cybercriminals seeking to exploit sensitive data for financial gain or geopolitical leverage.

Update: China-based Storm-2603, Linen Typhoon and Violet Typhoon are suspected to be behind the zero-day attack campaign against Microsoft SharePoint servers. The objective appears to be installing Warlock ransomware on the compromised on-premises Microsoft SharePoint servers.


Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security