AInvest Newsletter
Daily stocks & crypto headlines, free to your inbox
South African Planning Agency Compromised in SharePoint Hack Attack
ByAinvest
Wednesday, Jul 30, 2025 10:41 am ET5min read
Hackers have targeted the South African Department of Planning, Monitoring and Evaluation, exploiting a vulnerability in Microsoft's SharePoint servers. The department has implemented countermeasures, including software patches from Microsoft. The attacks have affected over 400 government agencies, corporations, and other groups globally, with most victims in the US, Mauritius, Jordan, South Africa, and the Netherlands. Microsoft warned of attacks targeting on-premise SharePoint networks, which is popular in South Africa for document storage and collaboration.
Hackers have targeted the South African Department of Planning, Monitoring and Evaluation, exploiting a vulnerability in Microsoft's SharePoint servers. The department has implemented countermeasures, including software patches from Microsoft. The attacks have affected over 400 government agencies, corporations, and other groups globally, with most victims in the US, Mauritius, Jordan, South Africa, and the Netherlands. Microsoft warned of attacks targeting on-premise SharePoint networks, which is popular in South Africa for document storage and collaboration [1].The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it. The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server [1].
The South African Department of Planning, Monitoring and Evaluation was one of the victims. The department reported that it had implemented countermeasures, including software patches from Microsoft. However, the attacks have affected over 400 government agencies, corporations, and other groups globally. Most victims are in the US, Mauritius, Jordan, South Africa, and the Netherlands [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors
Ainvest News articles are AI-generated using advanced large language model (LLM) technology designed to analyze and synthesize publicly available data and news. While AI tools assist in producing initial drafts and insights, all AI generated content published on Ainvest is subject to comprehensive human editorial review before publication. A designated human editor reviews, verifies, and approves each article for factual accuracy, coherence, and compliance with AInvest Fintech Inc’s editorial and disclosure standards.
Despite these review procedures, the information provided may still contain inaccuracies, incomplete data, or time sensitive references due to the inherent limitations of AI generated analysis and evolving changes. The material is provided strictly for informational and educational purposes and does not constitute personalized investment, legal, or financial advice. Readers should independently verify all facts, figures, and statements before making any decision based on this content.
AInvest Fintech Inc. its affiliates, and partners accept no liability or responsibility for any direct or consequential losses arising from reliance on this content. All articles and analyses are subject to revision, update, or removal without prior notice to maintain accuracy and integrity in our publications.
Comments
No comments yet