At least a dozen Chinese companies currently participate in the 17-year-old MAPP program, which provides cybersecurity vendors with advance notice of vulnerabilities – typically 24 hours before public disclosure, with some trusted partners receiving information up to five days earlier, according to Bloomberg. “On Friday, July 18th, the exploitation of a Microsoft SharePoint zero-day vulnerability began affecting the Department of Energy, including the NNSA,” a Department of Energy spokesperson confirmed. Microsoft is investigating whether a leak from its Microsoft Active Protections Program (MAPP) enabled Chinese state-sponsored hackers to exploit critical SharePoint vulnerabilities before patches were fully deployed, according to sources familiar with the matter. The investigation highlights the delicate balance Microsoft faces in sharing vulnerability information with security partners while preventing malicious actors from exploiting advance knowledge to accelerate attacks. Eye Security, the cybersecurity firm that first detected the attacks, reported more than 400 systems actively compromised across four confirmed waves of exploitation. “The likeliest scenario is that someone in the MAPP program used that information to create the exploits,” said Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative, whose company is a MAPP member. The investigation comes as cyber espionage attacks have compromised more than 400 organizations worldwide, including the U.S. National Nuclear Security Administration. As the probe continues, cybersecurity experts warn that the rapid weaponization of these vulnerabilities – from discovery to mass exploitation in just over two months – demonstrates the evolving sophistication and speed of modern cyber threats. Microsoft issued initial patches in July, but MAPP partners were notified of the vulnerabilities on June 24, July 3, and July 7.
The National Nuclear Security Administration, responsible for designing and maintaining America’s nuclear weapons stockpile, was among the high-profile victims, though officials say no classified information was compromised. Crucially, Microsoft first observed exploit attempts on July 7 – the same day as the final MAPP notification wave. Vietnamese researcher Dinh Ho Anh Khoa first demonstrated the SharePoint vulnerabilities in May at the Pwn2Own cybersecurity conference in Berlin, earning $100,000 for his discovery. The cyberattack campaign has affected organizations across multiple sectors, with Microsoft attributing the breaches to three Chinese hacking groups: Linen Typhoon, Violet Typhoon, and Storm-2603. The sophisticated attack chain, dubbed “ToolShell” by researchers, allows hackers to bypass authentication controls and execute malicious code on SharePoint servers.
This Cyber News was published on cybersecuritynews.com. Publication date: Sat, 26 Jul 2025 08:00:17 +0000