Widespread Breach Stems from Unpatched Server Vulnerability
A large-scale cyber-espionage campaign has exploited a critical vulnerability in Microsoft’s SharePoint server software, affecting at least 400 organizations globally. This surge in compromised systems was reported by Eye Security, a Dutch cybersecurity firm actively investigating the breach. The organization warns the real number may be significantly higher.
Researchers identified the victims by scanning for digital artifacts left behind on compromised servers. However, Vaisha Bernard, chief hacker at Eye Security, noted that not all attack vectors leave detectable traces, suggesting the reported number is likely conservative. The campaign is one of the most extensive espionage operations targeting Microsoft infrastructure in recent years.
Government Agencies Among the Targets
Details about the impacted organizations remain limited, but a spokesperson for the U.S. National Institutes of Health confirmed that one of its servers was breached. Additional servers were taken offline as a precautionary measure. The news raises concerns about the exposure of sensitive government and healthcare data.
The breach follows Microsoft’s failure to completely fix a security flaw in its SharePoint system. The initial patch, released months ago, left exploitable gaps that attackers have since leveraged to gain unauthorized access to internal networks and communications systems across multiple sectors.
Chinese Hackers Suspected, Beijing Denies Involvement
According to statements from both Microsoft and Alphabet, the parent company of Google, Chinese state-sponsored hackers are believed to be among those exploiting the SharePoint vulnerability. These accusations have been firmly denied by Chinese authorities, who dismissed the claims as unfounded and politically motivated.
The growing tension underscores the geopolitical stakes of cybersecurity breaches, particularly when major infrastructure and public institutions are affected. While attribution remains a challenge in the cyber world, the pattern of the attack and tools used point to highly sophisticated threat actors with significant resources.
Race to Contain Damage and Strengthen Defenses
As more victims come forward, cybersecurity teams worldwide are scrambling to identify compromised systems and apply necessary patches. Eye Security and other firms are continuing to scan internet-facing servers to provide early warnings and limit further intrusions. Meanwhile, Microsoft has urged all users of SharePoint to verify that their systems are fully updated and hardened against known exploits.
The campaign highlights the persistent threat posed by incomplete patches and outdated software in corporate and government networks. It also renews calls for improved transparency and quicker response coordination between technology providers and cybersecurity agencies.
