In what cybersecurity experts describe as one of the most extensive cyber-espionage campaigns of the year, hackers exploited a zero-day vulnerability in Microsoft SharePoint to infiltrate hundreds of organizations worldwide. Among the most alarming victims was a nuclear weapons agency, raising global concern over national security implications.
The breach was detected by researchers at Dutch firm Eye Security, who traced digital fingerprints left behind on compromised SharePoint servers. These attacks allowed unauthorized access, data theft, installation of backdoors, and persistence even after some patches were applied.
400+ Victims and Counting
Initially, Eye Security flagged around 100 affected organizations. However, follow-up scans revealed nearly 400 confirmed breaches—and the real number may be much higher. “Not all attack methods leave traces we can detect,” warned Vaisha Bernard, the firm’s lead analyst. Experts believe the campaign has affected sectors as diverse as government, finance, healthcare, manufacturing, and education.
The attackers leveraged zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771, which gave them full control of unpatched SharePoint servers. The scan covered more than 8,000 internet-exposed servers globally, making the campaign’s reach significant and ongoing.
Microsoft and CISA Race to Contain the Fallout
In response, Microsoft released an emergency security patch and issued strong advisories for all SharePoint users, especially those running on-premises or legacy systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) quickly added the exploit to its Known Exploited Vulnerabilities list, ordering federal agencies to patch systems by July 21.
Despite the swift action, many servers remain unpatched due to slow rollout and dependency on outdated infrastructure. Experts warn that affected organizations should consider isolating or taking vulnerable servers offline until updates are fully deployed.
Behind the Code: A Shadow Campaign Unfolds
Researchers haven’t publicly named the nation-state or actor behind the campaign, but the coordinated nature and targeted sectors suggest high-level cyber-espionage motives. The ability to infiltrate government systems—including a nuclear weapons agency—indicates a broader geopolitical play.
This incident underscores the rising risks associated with unpatched enterprise software. Despite Microsoft’s regular patch cycles, many organizations delay updates, leaving them vulnerable to exploits like this. The breach not only affects data integrity but also national and economic security on a global scale.