T4K3.news
Serious SharePoint Vulnerability Under Active Exploit
A critical SharePoint exploit has been detected, targeting multiple sectors globally since July 7.

An active exploit of a SharePoint vulnerability poses significant risks to key infrastructure globally.
Hackers Target Governments and Tech Firms with SharePoint Exploit
A serious vulnerability in Microsoft SharePoint has been actively exploited since July 7, 2025. Check Point Research reports that the first attacks targeted a major Western government and rapidly expanded to various sectors in North America and Western Europe, notably telecommunications and software. The attackers, operating from multiple IP addresses tied to previous exploits, use the patched CVE-2025-53770 vulnerability to gain access to sensitive cryptographic keys. These keys allow the attackers to maintain ongoing access and execute commands within targeted systems. The advanced nature of the attack has raised alarm across multiple nations.
Key Takeaways
"We're witnessing an urgent and active threat: a critical zero-day in SharePoint on-prem is being exploited in the wild, putting thousands of global organizations at risk."
Lotem Finkelstein emphasizes the gravity of the situation, alerting agencies to the risks at hand.
"This approach significantly complicates detection and forensic recovery, underscoring the threat posed by fileless post-exploitation techniques."
CrowdStrike's assessment points to advanced methods used by attackers to evade detection.
"We assess that at least one of the actors responsible for the early exploitation is a China-nexus threat actor."
Charles Carmakal reveals possible connections to state-aligned hacking groups.
The exploitation of this vulnerability highlights a trend in cybersecurity where attackers increasingly target critical infrastructure. The chain of vulnerabilities being exploited reflects a rapid evolution in tactics, emphasizing the need for organizations to prioritize security updates. As more sectors become vulnerable, the urgency to enhance security measures grows. This situation underscores a pressing reality: even with timely patching, threats may still pose risks if systems are not secured properly or if key management practices are inadequate.
Highlights
- A critical zero-day in SharePoint is putting thousands at risk.
- Current attacks highlight the evolving tactics of cyber threats.
- Timely patching may not be enough without robust security measures.
- Hackers are using stolen keys to maintain persistent access.
Immediate Threat from New SharePoint Vulnerability
The ongoing exploitation of SharePoint vulnerabilities poses serious risks to organizations, especially governments and tech firms, requiring urgent security measures and patch management to prevent data breaches.
Prompt action is necessary to mitigate potential widespread breaches across sensitive sectors.
