Threat actors exploit SharePoint flaws to access internal systems, steal sensitive data, and carry out surveillance, impersonation, and extortion.

Hackers in recent weeks have exploited flaws in SharePoint, a document management system developed by Microsoft Corp., to try to steal sensitive data from hundreds of victims.

Last year, the Department of Homeland Security released a scathing report detailing Microsoft’s mistakes during a 2023 hack in which China stole thousands of emails from top government officials. Two years before that, China-linked cyberattackers compromised more than 250,000 Microsoft Exchange servers.

A cyber-espionage campaign centered on vulnerable versions of Microsoft's server software now involves the deployment of ransomware, Microsoft said in a late Wednesday blog post.

Microsoft blamed two Chinese nation-state actors for exploiting recently discovered security flaws in SharePoint to infiltrate vulnerable organizations, like schools, state governments, and the U.S. government’s top nuclear security agency.

Multiple hacking groups—including state actors from China—have targeted a vulnerability in older, on-premises versions of the file-sharing tool after a flawed attempt to patch it.

A significant flaw in a widely used Microsoft product allowed multiple Chinese-linked hacking groups to breach dozens of organizations across the globe and at least two U.S. federal agencies.

Microsoft Corp. said a Chinese hacking group is exploiting security vulnerabilities in the company’s SharePoint servers to deploy ransomware, following a cyberattack discovered last week that has affected hundreds of entities around the world.