Microsoft Server Hack Hits 100 Organisations in Global Cyber Espionage Campaign
- tech360.tv

- Jul 22, 2025
- 2 min read
A cyber espionage campaign exploiting a vulnerability in Microsoft’s SharePoint server software has compromised about 100 organisations, according to cybersecurity researchers.

The attack, which Microsoft disclosed on Saturday, targets self-hosted SharePoint servers and does not affect cloud-based versions. The breach leverages a zero-day vulnerability, allowing hackers to infiltrate systems and potentially install backdoors for ongoing access.
Eye Security, a Netherlands-based cybersecurity firm, discovered the campaign on Friday while investigating an incident involving one of its clients. Chief Hacker Vaisha Bernard said an internet scan conducted with the Shadowserver Foundation revealed nearly 100 affected organisations before the hacking method became widely known.
Bernard declined to name the victims but confirmed that national authorities had been notified.
The Shadowserver Foundation corroborated the number of affected organisations, noting that most were located in the United States and Germany. Victims include government entities.
Rafe Pilling, Director of Threat Intelligence at British cybersecurity firm Sophos, said the operation currently appears to be the work of a single hacker or group, though that could change.

Microsoft has released security updates and urged customers to install them.
Google, which monitors internet traffic, linked some of the activity to a China-nexus threat actor. The Chinese Embassy in Washington did not respond to a request for comment. Beijing typically denies involvement in hacking operations.
The FBI confirmed it is aware of the attacks and is working with federal and private-sector partners. Britain’s National Cyber Security Centre reported a limited number of targets in the United Kingdom.
A researcher tracking the campaign said it initially focused on a narrow group of government-related organisations.
The potential scope of the breach is significant. Shodan, a search engine for internet-connected devices, identified over 8,000 potentially vulnerable servers. Shadowserver estimated the number at more than 9,000, cautioning that this is a minimum figure.
Targets include industrial firms, banks, auditors, healthcare providers, and various U.S. state-level and international government bodies.
Daniel Card of British cybersecurity consultancy PwnDefend said the SharePoint vulnerability has led to widespread compromise and warned that simply applying the patch is not sufficient.
About 100 organisations compromised in Microsoft SharePoint server hack
Most victims located in the U.S. and Germany, including government entities
Attack exploits a zero-day vulnerability in self-hosted SharePoint servers
Source: REUTERS


