Microsoft, Government entities and Government entities: Microsoft cyberattack hits 100 organisations, security firms say

Zero-Day Cyber Espionage Campaign Targets Microsoft SharePoint Servers

A large-scale cyber espionage operation exploiting a previously unknown vulnerability in Microsoft’s self-hosted SharePoint servers has compromised nearly 100 organizations over the past weekend. The attack, classified as a zero-day exploit, allows threat actors to infiltrate vulnerable systems and deploy backdoors for persistent access.

The campaign was uncovered by Netherlands-based cybersecurity firm Eye Security and the Shadowserver Foundation, which identified the breach on Friday before the exploit became widely known. An internet scan revealed that most victims were located in the United States and Germany, with government entities among those affected. While the exact identities of the compromised organizations remain undisclosed, authorities have been notified.

Researchers suggest the attack may be the work of a single hacker or a coordinated group, though the scope could expand as the exploit gains wider attention. Microsoft released security updates on Saturday, urging customers to patch their systems. The FBI and Britain’s National Cyber Security Centre (NCSC) have acknowledged the attacks, with the NCSC reporting a "limited number" of UK targets.

The potential reach of the campaign is significant: over 8,000 SharePoint servers remain exposed online, including those belonging to industrial firms, financial institutions, healthcare providers, and government agencies. Security experts warn that simply applying the patch may not be sufficient, as attackers could have already established persistent access.

As of now, the perpetrators behind the attack remain unidentified. Microsoft’s stock showed minimal movement following the disclosure, reflecting muted market reaction to the incident.

Source: https://www.aljazeera.com/economy/2025/7/21/microsoft-cyberattack-hits-100-organisations-security-firms-say

Microsoft in Government cybersecurity rating report: https://www.rankiteo.com/company/microsoft-in-government

Government Digital Service cybersecurity rating report: https://www.rankiteo.com/company/government-digital-service

Microsoft Security Response Center cybersecurity rating report: https://www.rankiteo.com/company/microsoft-security-response-center

"id": "MICGOVMIC1770295299",
"linkid": "microsoft-in-government, government-digital-service, microsoft-security-response-center",
"type": "Vulnerability",
"date": "7/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': ['Government',
                                     'Industrial',
                                     'Financial',
                                     'Healthcare'],
                        'location': ['United States',
                                     'Germany',
                                     'United Kingdom'],
                        'type': 'Government entities, industrial firms, '
                                'financial institutions, healthcare '
                                'providers'}],
 'attack_vector': 'Zero-day exploit',
 'date_detected': '2023-10-13',
 'date_publicly_disclosed': '2023-10-14',
 'description': 'A large-scale cyber espionage operation exploiting a '
                'previously unknown vulnerability in Microsoft’s self-hosted '
                'SharePoint servers has compromised nearly 100 organizations '
                'over the past weekend. The attack allows threat actors to '
                'infiltrate vulnerable systems and deploy backdoors for '
                'persistent access.',
 'impact': {'data_compromised': 'Unknown',
            'operational_impact': 'Persistent backdoor access',
            'systems_affected': 'Microsoft SharePoint servers'},
 'initial_access_broker': {'backdoors_established': 'Yes',
                           'entry_point': 'Zero-day exploit in Microsoft '
                                          'SharePoint servers'},
 'investigation_status': 'Ongoing',
 'motivation': 'Espionage',
 'post_incident_analysis': {'corrective_actions': 'Apply security patches, '
                                                  'monitor for persistent '
                                                  'access',
                            'root_causes': 'Unknown vulnerability in Microsoft '
                                           'SharePoint servers'},
 'recommendations': 'Apply Microsoft security updates, monitor for persistent '
                    'access',
 'references': [{'source': 'Eye Security'},
                {'source': 'Shadowserver Foundation'},
                {'source': 'Microsoft Security Update'}],
 'response': {'containment_measures': 'Security patches released by Microsoft',
              'law_enforcement_notified': 'FBI, Britain’s National Cyber '
                                          'Security Centre (NCSC)',
              'remediation_measures': 'Apply Microsoft security updates',
              'third_party_assistance': 'Eye Security, Shadowserver '
                                        'Foundation'},
 'title': 'Zero-Day Cyber Espionage Campaign Targets Microsoft SharePoint '
          'Servers',
 'type': 'Cyber Espionage',
 'vulnerability_exploited': 'Unknown vulnerability in Microsoft SharePoint '
                            'servers'}