The number of companies and organizations compromised by a security vulnerability in Microsoft Corp.\u2019s SharePoint servers is increasing rapidly, with the tally of victims soaring more than six-fold in a few days, according to one research firm.<\/p>\n\n\n\n
Hackers have breached about 400 government agencies, corporations and other groups, according to estimates from Eye Security, the Dutch cybersecurity company that identified an early wave of the attacks last week. <\/p>\n\n\n\n
That\u2019s up from roughly 60 based on its previous estimate provided to Bloomberg News on Tuesday.<\/p>\n\n\n\n
The security firm said that most of the victims are in the US, followed by Mauritius, Jordan, South Africa and the Netherlands. <\/p>\n\n\n\n
The National Nuclear Security Administration, the US agency responsible for maintaining and designing the nation\u2019s cache of nuclear weapons, was among those breached, Bloomberg reported earlier.\u00a0<\/p>\n\n\n\n
The National Institutes of Health was also impacted through the SharePoint flaws, according to a person familiar with the matter. <\/p>\n\n\n\n
Andrew Nixon, a spokesperson for the Department of Health and Human Services, said, \u201cThe Department and its security teams are actively engaged in monitoring, identifying, and mitigating all risks to our IT systems posed by the Microsoft SharePoint vulnerability.\u201d<\/p>\n\n\n\n
\u201cAt present, we have no indication that any information was breached as a result of this vulnerability,\u201d he said, adding that the department is collaborating with Microsoft and the US Cybersecurity and Infrastructure Security Agency. <\/p>\n\n\n\n
The Washington Post previously reported that NIH was breached.<\/p>\n\n\n\n
And South Africa\u2019s National Treasury said it was seeking help from Microsoft after discovering malware on its network, but added that its systems and websites were operating normally.<\/p>\n\n\n\n
The hacks are among the latest major breaches that Microsoft has blamed, at least in part, on China and come amid heightened tensions between Washington and Beijing over global security and trade. <\/p>\n\n\n\n
The US has repeatedly criticized China for campaigns that have allegedly stolen government and corporate secrets over a period spanning decades.<\/p>\n\n\n\n
The real number of victims from the SharePoint exploits \u201cmight be much higher as there can be many more hidden ways to compromise servers that do not leave traces,\u201d Eye Security\u2019s co-owner Vaisha Bernard said in an email to Bloomberg News. <\/p>\n\n\n\n
\u201cThis is still developing, and other opportunistic adversaries continue to exploit vulnerable servers.\u201d<\/p>\n\n\n\n
The organizations compromised in the SharePoint breaches include many working in government, education and technology services, Bernard said. There were smaller numbers of victims in countries across Europe, Asia, the Middle East and South America.<\/p>\n\n\n\n
State-backed hackers tend to exploit major cybersecurity weaknesses, like the SharePoint vulnerability, in waves, according to Sveva Scenarelli, a threat analyst with Recorded Future Inc. <\/p>\n\n\n\n
They start with secretive, targeted hacks and then, once the vulnerability is discovered, will begin using it more indiscriminately, she said.<\/p>\n\n\n\n
\u201cOnce access has been acquired, individual threat groups can then triage compromised organizations, and prioritize those of particular interest for follow-on activity,\u201d said Scenarelli, of the cyber intelligence firm\u2019s Insikt Group. <\/p>\n\n\n\n
She said this can include finding ways to maintain access to a compromised network, burrowing deeper and setting up paths to steal sensitive information.<\/p>\n\n\n\n
US Treasury Secretary Scott Bessent, who is set to meet his Chinese counterparts in Stockholm next week for a\u00a0third round<\/a>\u00a0of trade talks, suggested in a Bloomberg Television interview Wednesday that the SharePoint hacks will be discussed.<\/p>\n\n\n\n \u201cObviously things like that will be on the agenda with my Chinese counterparts,\u201d he said.<\/p>\n\n\n\n The security flaws allow hackers to access SharePoint servers and steal keys that can let them impersonate users or services, potentially enabling deep access into compromised networks to steal confidential data.<\/p>\n\n\n\n Microsoft has issued patches to fix the vulnerabilities, but researchers cautioned that hackers may have already got a foothold into many servers.<\/p>\n\n\n\n Microsoft on Tuesday accused Chinese state-sponsored hackers known as Linen Typhoon and Violet Typhoon of being behind the attacks. Another hacking group based in China, which Microsoft calls Storm-2603, also exploited them, according to the company.<\/p>\n\n\n\n The Redmond, Washington company has repeatedly blamed China for major cyberattacks. In 2021, an alleged Chinese operation compromised tens of thousands of Microsoft Exchange servers. <\/p>\n\n\n\n