Recent ToolShell zero-day attacks exploited vulnerabilities in Microsoft SharePoint Server, impacting numerous organizations including US government agencies. Threat actors, including Chinese state-sponsored groups, targeted these vulnerabilities to carry out cyberespionage and ransomware attacks.
Key points
- ToolShell zero-day vulnerabilities have been exploited to hack SharePoint servers since early July.
- Over 400 SharePoint Server instances across multiple organizations have been compromised.
- Major US government agencies, including DHS and NIH, were targeted in these attacks.
- Chinese state-sponsored groups, Linen Typhoon and Violet Typhoon, are involved in the campaigns.
- Microsoft has released patches, but exploitation of the vulnerabilities continues, with some bypassing mitigations.