00:00A zero-day attack on Microsoft SharePoint servers has just blindsided government agencies worldwide, and the scale is staggering.
00:07Starting Friday evening, July 18th, hackers began exploiting a critical vulnerability in SharePoint, CCHEN, the collaboration software that millions of organizations rely on daily.
00:18Think of it as digital skeleton keys that unlock sensitive government and corporate systems.
00:24The damage is already extensive. At least 85 servers across 29 organizations have been compromised, including U.S. federal and state agencies, universities, and energy companies.
00:34The vulnerability, tracked as CVE 2000 and 2553,770, scores a devastating 9.8 out of 10 on the severity scale.
00:45What makes this attack particularly insidious is the method.
00:49Hackers have stolen cryptographic secrets that allow them to forge legitimate-looking commands, making detection nearly impossible.
00:56Even after patching, organizations remain vulnerable unless they manually rotate these compromised keys.
01:03Now, whilst no Chinese government connection has been confirmed for this specific attack, the pattern is eerily familiar.
01:10Microsoft has repeatedly fallen victim to Chinese state actors.
01:15From the breach of Commerce Secretary Gina Raimondo's emails to the massive Hapnium campaign that compromised thousands of Exchange servers globally.
01:24Microsoft scrambled to release emergency patches over the weekend.
01:27And CISA is urging immediate action from all organizations running on-premise SharePoint servers.
01:33But security researchers warn that thousands more servers remain at risk.
01:37This attack demonstrates how quickly zero-day vulnerabilities can cascade into global security crises,
01:43leaving critical infrastructure exposed and governments scrambling for answers.
