Chinese hackers breached US Nuclear Security Administration via SharePoint zero-day exploit.

Chinese government-affiliated hacking groups leveraged a zero-day exploit affecting on-premises SharePoint installations to infiltrate over 50 organizations, including the agency responsible for maintaining the Navy's nuclear submarine reactors. According to a Bloomberg news report, the attack vector exploited a deserialization vulnerability combined with an authentication bypass flaw, both of which were initially demonstrated at the Pwn2Own Vancouver hacking contest in May 2024.

Organizations running on-premises SharePoint environments are advised to immediately apply Microsoft's security updates and conduct comprehensive incident response assessments to identify potential compromise indicators. Microsoft's Security Response Center (MSRC) issued critical security bulletins urging immediate patch deployment, emphasizing the CVSS 9.8 severity rating assigned to this exploit chain.

The exploit chain enables threat actors to gain unauthorized access to SharePoint servers, extract sensitive data, harvest user credentials, and potentially pivot to connected network infrastructure. The vulnerability, affecting SharePoint Server versions 2019 and Subscription Edition, allows attackers to bypass authentication mechanisms and execute arbitrary code on target systems.

Cybersecurity experts warn that the sophisticated nature of this attack demonstrates the evolving capabilities of advanced persistent threat (APT) groups in exploiting zero-day vulnerabilities before vendors can develop patches.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 23 Jul 2025 10:55:06 +0000