Threat actors exploit SharePoint flaws to access internal systems, steal sensitive data, and carry out surveillance, impersonation, and extortion.

A cyber-espionage campaign centered on vulnerable versions of Microsoft's server software now involves the deployment of ransomware, Microsoft said in a late Wednesday blog post.

Multiple hacking groups—including state actors from China—have targeted a vulnerability in older, on-premises versions of the file-sharing tool after a flawed attempt to patch it.

The hackers behind the initial wave of attacks exploiting a zero-day in Microsoft SharePoint servers have so far primarily targeted government organizations, according to researchers and news reports.

Active SharePoint exploits since July 7 target governments and tech firms globally, risking key theft and persistent access.

The incident has reportedly impacted the servers of federal agencies, schools, and energy companies. Some emergency patches have been deployed. On July 19, Microsoft alerted users that it was experiencing an active cyberattack on its SharePoint servers,

Investors are desensitized to cyberattacks and have other issues on their mind ahead of Microsoft’s earnings report next week, analysts say.

A warning has been issued to Microsoft users detailing a cybersecurity flaw that allowed hackers to access its SharePoint servers, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced.

A series of cyberattacks targeting Microsoft collaboration software, specifically SharePoint, have been linked to Chinese hackers and threat actors.