Microsoft SharePoint Breach: Over 400 Victims Worldwide
By Ainvest
Thursday, Jul 24, 2025 6:51 am ET
A security vulnerability in Microsoft's SharePoint servers has led to over 400 breaches, mostly in the US, Mauritius, Jordan, South Africa, and the Netherlands. The National Nuclear Security Administration and National Institutes of Health were also affected. The real number of victims may be higher, and state-backed hackers are exploiting the vulnerability in waves.
A significant security vulnerability in Microsoft's SharePoint servers has led to over 400 breaches, predominantly in the United States, Mauritius, Jordan, South Africa, and the Netherlands. The National Nuclear Security Administration (NNSA) and the National Institutes of Health (NIH) were among the affected entities. The real number of victims may be higher, as the attacks are ongoing and the vulnerability has been exploited in waves by state-backed hackers.
The vulnerabilities, identified as CVE-2025-49706 and CVE-2025-49704, allow attackers to access SharePoint servers and steal keys that can enable deep access into compromised networks. Microsoft has issued patches to address these vulnerabilities, but the extent of the damage is still being assessed. The company has blamed China for the attacks, with several Chinese state-sponsored hacking groups, including Linen Typhoon and Violet Typhoon, exploiting the vulnerabilities [1].
Eye Security, a Dutch cybersecurity firm, initially detected the attacks last week and has since reported that at least 400 servers have been infected with malware, with 148 organizations worldwide breached. The majority of victims are in the US, with significant numbers also reported in Mauritius, Jordan, South Africa, and the Netherlands [2].
The NNSA confirmed that its networks were breached, but it has not yet found evidence that sensitive or classified information was compromised. The NIH was also impacted, and the Department of Health and Human Services is actively monitoring and mitigating the risks posed by the vulnerability [2].
Microsoft has warned customers to apply the on-premises SharePoint Server security updates immediately and follow the detailed mitigation guidance provided in their blog. The company has also linked the Linen Typhoon and Violet Typhoon Chinese state-backed hacking groups with these attacks [1].
The US government and private organizations are collaborating to address the issue, with the Department of Health and Human Services and the US Cybersecurity and Infrastructure Security Agency (CISA) working together to mitigate the risks. The real number of victims may be higher, as the attacks are ongoing and the vulnerability has been exploited in waves by state-backed hackers [2].
References:
[1] https://www.bleepingcomputer.com/news/security/microsoft-sharepoint-servers-also-targeted-in-ransomware-attacks/
[2] https://finance.yahoo.com/news/tally-microsoft-victims-surges-400-135818559.html
