Global Cyber Espionage Campaign Hits Microsoft Servers

A vast cyber espionage campaign has targeted 100 organizations using Microsoft server software, according to Eye Security and Shadowserver Foundation. The operation exploited a vulnerability in self-hosted SharePoint servers. The U.S. and Germany were the most affected, with government organizations among the victims.

Devdiscourse News Desk | Updated: 22-07-2025 03:33 IST | Created: 22-07-2025 03:33 IST

Global Cyber Espionage Campaign Hits Microsoft Servers — This image is AI-generated and does not depict any real-life event or location. It is a fictional representation created for illustrative purposes only.

An extensive cyber espionage campaign has breached around 100 organizations using Microsoft server software, Eye Security and the Shadowserver Foundation reported on Monday.

Labelled a 'zero-day' exploit, the operation affected self-hosted SharePoint servers by exploiting an undisclosed server vulnerability. The attacks predominantly hit the U.S. and Germany, impacting government entities among others.

Security updates have been issued, but it remains uncertain who orchestrated the hack. Google's analysis indicates a possible link to a 'China-nexus threat actor.' Affected organizations include industrial firms and healthcare companies, with over 9,000 potentially compromised servers noted globally.

(With inputs from agencies.)