Global Cybersecurity Threat Escalates as Microsoft SharePoint Hack Affects Nearly 100 Organizations

News Mania Desk / Piyal Chatterjee / 22nd July 2025

A serious cybersecurity breach has recently impacted nearly 100 organizations worldwide, as hackers exploited a zero-day vulnerability in Microsoft’s on-premise SharePoint Server. According to researchers and cybersecurity firms like Eye Security and Shadowserver, the incident is already one of the most significant targeted cyber intrusions in recent months, affecting primarily the United States and Germany. The compromised entities include a mix of government agencies, industrial companies, financial institutions, and healthcare providers.

The attack capitalized on a previously unknown flaw in Microsoft’s self-hosted SharePoint Server, allowing cybercriminals to implant persistent backdoors and gain unauthorized access to sensitive systems. Security experts revealed that while roughly 100 organizations have been confirmed as victims, thousands more remain exposed. An estimated 8,000 to 9,000 vulnerable SharePoint servers globally could still be exploited if immediate countermeasures are not taken.

Although full attribution of the cyberattack is still underway, Google’s threat intelligence division suggested involvement of a “China-nexus” hacker group. This aligns with patterns seen in past state-sponsored campaigns aimed at espionage and data theft. However, officials caution that more investigation is needed before a definitive conclusion is drawn.

Microsoft has responded swiftly, issuing emergency patches for SharePoint Server Subscription Edition and SharePoint Server 2019. Patches for the 2016 edition are currently being developed. Authorities in the U.S. and the U.K., including the FBI and the UK’s National Cyber Security Centre, are actively engaged in the investigation.

Cybersecurity analysts emphasize that simply patching the vulnerability may not be sufficient. Organizations are urged to conduct in-depth threat hunting and forensic analysis, as compromised servers might already be hosting other malicious implants or allowing attackers lateral access within networks. As a precaution, experts recommend isolating affected systems, rotating credentials, and fully auditing infrastructure to detect further breaches.

The incident echoes the 2021 Exchange Server hack, highlighting ongoing systemic risks in on-premise enterprise software. It serves as a stark reminder for organizations to prioritize not just patching but also proactive monitoring and robust cybersecurity frameworks.
