Microsoft has disclosed that a critical vulnerability in its SharePoint server is now being exploited to launch ransomware attacks, signaling a sharp escalation in an ongoing cyber-espionage campaign. At least 400 organizations, including major US federal entities, are impacted as state-aligned threat actors weaponize enterprise software flaws for disruptive purposes.

Microsoft has confirmed a significant escalation in a cyber-espionage campaign exploiting its SharePoint server vulnerability, with attackers now deploying ransomware as part of the attack vector. The campaign, which has compromised over 400 organizations globally, marks a serious shift from surveillance-focused intrusions to outright operational disruption.

The campaign is attributed to a threat group tracked internally by Microsoft as “Storm-2603.” While initially framed as a traditional cyber-espionage operation, new intelligence indicates the use of ransomware payloads—a development that transforms the attack from one targeting information theft to one capable of paralyzing critical systems for ransom payments.

Also Read: Widespread Chaos: Microsoft Cyberattack Targets 100 Organizations

Microsoft, which disclosed the details in a technical blog post, noted that the attackers are exploiting a previously unpatched security flaw in SharePoint. This vulnerability created an entry point for deeper infiltration across enterprise networks.

The implications are severe. Ransomware not only compromises data confidentiality but also strikes at business continuity, financial operations, and infrastructure resilience. Experts suggest that the switch from espionage to extortion tactics may reflect growing opportunism by state-aligned or proxy actors who seek both strategic and financial gain.

At the core of the incident lies the unpatched enterprise software—a recurring risk in corporate IT environments. The flaw in question had triggered urgency within Microsoft’s incident response ecosystem, but the late identification of active ransomware deployment has amplified the fallout.

A representative from the US National Institutes of Health confirmed their systems were among those compromised. Several other federal agencies are reportedly affected, though full details remain undisclosed. In response, affected servers have been isolated, and containment measures are underway across multiple data centers.

Also Read: Microsoft’s Post-Layoff AI Controversy Sparks Global Debate

The surge in affected organizations—from 100 identified victims over the weekend to over 400 currently—suggests the scope is much broader than initially assessed. Analysts warn that the real count may be substantially higher due to limited forensic visibility across all attack vectors.

Microsoft has not yet provided detailed attribution or a breakdown of affected sectors but reaffirmed its commitment to enhancing SharePoint security and issuing updates for broader threat mitigation.

This incident highlights a growing trend where enterprise vulnerabilities become high-value targets for geopolitical and economic disruption. It also underscores the need for urgent enterprise patching practices and proactive cybersecurity frameworks.

READ MORE ON

Read the full article here: 400 Victims and Counting—What’s Microsoft Not Saying? — For more updates, visit Wittiya – Top Business News, Stock Market Insights & Financial Updates (Wittiya).

Microsoft has issued a critical security update after a zero-day vulnerability in SharePoint software was found to be under active exploitation. The flaw threatens businesses and U.S. government entities using unpatched versions, especially SharePoint Server 2016, prompting urgent action from cybersecurity agencies.

In a significant cybersecurity development, Microsoft has released an emergency patch addressing a critical zero-day vulnerability in its SharePoint software, after confirming that hackers had already exploited the flaw. The company issued the fix between July 19 and 20, targeting SharePoint Server 2019 and the SharePoint Server Subscription Edition, with a pending update for older SharePoint Server 2016 installations.

The breach has raised serious concerns across the U.S., where government entities and private businesses widely deploy Microsoft SharePoint as part of their enterprise collaboration frameworks. This zero-day vulnerability—so named because it was discovered and exploited before a patch became available—allowed threat actors unauthorized access to unpatched SharePoint servers.

Cybersecurity experts have stressed the financial and operational risks of not addressing such vulnerabilities promptly. While the immediate impact remains unquantified, the potential breach of sensitive organizational data could result in regulatory penalties, reputational damage, and operational disruption.

Microsoft’s guidance urges all users to immediately update their servers or, where patching isn’t feasible, disconnect them from the internet entirely. The advisory particularly highlights that SharePoint Server 2016 remains vulnerable, and system administrators must remain vigilant until an update is released.

This incident further highlights the increasing frequency of supply chain and infrastructure-targeted attacks. As U.S. enterprises accelerate digital transformation, their reliance on platforms like SharePoint also increases their exposure to emerging cyber threats.

In light of the threat, analysts have reiterated the need for enterprises to incorporate proactive risk management strategies—such as regular patch management, endpoint monitoring, and robust incident response protocols—into their IT security governance.

As Microsoft continues efforts to close the gap on its older platforms, this event underscores the importance of enterprise agility in cybersecurity response and reinforces that in the digital economy, security is not a feature—it is an imperative.

Read the full article here: Widespread Chaos: Microsoft Cyberattack Targets 100 Organizations — For more updates, visit Wittiya – Top Business News, Stock Market Insights & Financial Updates (Wittiya).