Microsoft cyberattack hits 100 organisations, security firms say

In a major cybersecurity development, a zero-day cyber espionage campaign has targeted Microsoft server software, compromising nearly 100 organisations across the globe, according to leading cybersecurity firms. This significant breach, discovered over the weekend, has raised serious concerns across industries and governments alike.
The Nature of the Attack
The attack exploits a zero-day vulnerability in self-hosted Microsoft SharePoint servers, platforms extensively used by organisations to manage and share documents internally. The breach does not impact Microsoft-hosted SharePoint services but specifically targets on-premises deployments, allowing hackers to potentially plant backdoors and maintain long-term access to affected networks.
Microsoft issued a public alert on Saturday warning of “active attacks” targeting these self-hosted environments. The cyberattack remains ongoing, and the full extent of the damage is still being assessed.
Discovery by Cybersecurity Experts
The campaign was uncovered on Friday by Eye Security, a Netherlands-based cybersecurity firm, when it identified malicious activity on a client’s server. Together with the Shadowserver Foundation, a non-profit organisation that monitors internet security threats, it scanned the internet and confirmed nearly 100 affected organisations before the broader cyber community became aware of the technique.
“It’s unambiguous,” said Vaisha Bernard, Chief Hacker at Eye Security. “Who knows what other adversaries have done since to place other backdoors.” Both organisations refrained from naming the compromised entities, citing confidentiality, and notified the appropriate national authorities.
Scope of the Attack
The Shadowserver Foundation reported that the majority of the victims were located in the United States and Germany, and included various government agencies. According to Rafe Pilling, Director of Threat Intelligence at Sophos, a British cybersecurity firm, the campaign currently appears to be carried out by a single hacking group, though that could change rapidly.
The FBI confirmed its awareness of the situation and said it is cooperating with both federal and private-sector partners. Meanwhile, the UK’s National Cyber Security Centre acknowledged a “limited number” of domestic targets. The identities and affiliations of the hackers remain unknown.
A Global Threat
The potential attack surface is alarmingly broad. Using data from Shodan, a search engine for internet-connected devices, researchers estimate that over 8,000 servers globally could be vulnerable. These include servers used by critical sectors such as industrial firms, financial institutions, auditing firms, healthcare providers, and multiple government organisations, including US state-level bodies.
Daniel Card of PwnDefend, a British cybersecurity consultancy, commented, “The SharePoint incident appears to have created a broad level of compromise across a range of servers globally.” He warned that simply applying Microsoft’s patch may not be enough, and that organisations should adopt an “assumed breach” stance and carry out thorough investigations.
Microsoft’s Response and Market Impact
Microsoft responded promptly by releasing security updates and urging customers to apply them without delay. However, experts caution that updating software is only one part of the remediation process in such an advanced attack.
Despite the severity of the incident, Microsoft’s stock remained largely unaffected. As of 3pm New York time (19:00 GMT), shares were up by a mere 0.06%, although they have gained more than 1.5% over the past five trading days.
Final Thoughts
This sweeping cyberattack once again underscores the critical importance of maintaining robust cybersecurity defences, especially for organisations that rely on self-hosted infrastructure. With state and private entities alike in the crosshairs, the event serves as a wake-up call for proactive threat monitoring, patch management, and incident response readiness.
As investigations continue and more details surface, organisations across the globe must reevaluate their security posture and remain vigilant against the ever-evolving landscape of cyber threats.