Microsoft SharePoint victim count hits 400+ orgs in ongoing attacks
- Reference: 1753293938
- News link: https://www.theregister.co.uk/2025/07/23/microsoft_sharepoint_400_orgs/
The Dutch security company on Wednesday [1]reported four waves of attacks beginning July 17 and continuing the following two days, with "multiple waves" beginning July 21.
The US Energy Department - including its National Nuclear Security Administration (NNSA), which maintains America's nuclear weapons - was among those hit.
A DOE spokesperson confirmed the breach to The Register:
On Friday, July 18th, the exploitation of a Microsoft SharePoint zero-day vulnerability began affecting the Department of Energy, including NNSA. The Department was minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems. A very small number of systems were impacted. All impacted DOE systems are being restored. NNSA is taking the appropriate action to mitigate risk and transition to other offerings as appropriate.
In addition to the DOE, other government agencies and critical sectors, including telecommunications and software, have been hit in the ongoing attacks, with a [3]"major Western government" being among the first victims on July 7, according to Check Point Research.
The security holes affect SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition. The software giant first confirmed the exploits late Saturday, [4]saying it was "aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update." It then [5]released fixed versions for all three by late Monday.
The software fixes address remote code execution bug [7]CVE-2025-53770, which is related to the previously disclosed vulnerability CVE-2025-49704, and [8]CVE-2025-53771, a security bypass flaw for the previously disclosed CVE-2025-49706. Chaining the two allows miscreants to bypass authentication and execute malicious code over the network. A proof-of-concept showing how to chain the two together was released on GitHub.
Both Google and Microsoft have blamed Chinese cyberspies and data thieves for the digital intrusions, with [9]Redmond warning yesterday: "Additional actors may use these exploits."
[10]Surprise, surprise: Chinese spies, IP stealers, other miscreants attacking Microsoft SharePoint servers
[11]Microsoft patches critical SharePoint 2016 zero-days amid active exploits
[12]Another massive security snafu hits Microsoft, but don't expect it to stick
[13]Microsoft patches under-attack SharePoint 2019 and SE
Microsoft did not immediately respond to The Register's questions, including about how many organizations have been compromised. We will update this story if and when we receive a response. ®
[1] https://research.eye.security/sharepoint-under-siege/?
[3] https://www.theregister.com/2025/07/21/massive_security_snafu_microsoft/
[4] https://www.theregister.com/2025/07/21/infosec_in_brief/
[5] https://www.theregister.com/2025/07/22/microsoft_sharepoint_2016_patch/
[7] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770
[8] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53771
[9] https://www.theregister.com/2025/07/22/chinese_groups_attacking_microsoft_sharepoint/
[10] https://www.theregister.com/2025/07/22/chinese_groups_attacking_microsoft_sharepoint/
[11] https://www.theregister.com/2025/07/22/microsoft_sharepoint_2016_patch/
[12] https://www.theregister.com/2025/07/21/massive_security_snafu_microsoft/
[13] https://www.theregister.com/2025/07/21/underattack_sharepoint_2019_and_se/
Re: "... and Microsoft have blamed Chinese cyberspies and data thieves for the digital intrusions"
Yes, but, but...AI....
Re: "... and Microsoft have blamed Chinese cyberspies and data thieves for the digital intrusions"
For 20 twenty years.
Re: "... and Microsoft have blamed Chinese cyberspies and data thieves for the digital intrusions"
I blame Google and MS for scanning all of my data for the NSA.
Re: "... and Microsoft have blamed Chinese cyberspies and data thieves for the digital intrusions"
Imagine being so cynical that you’d hold Microsoft responsible for its shit software and endless vulnerabilities instead of the data thieves and cyberspies!
Re: "... and Microsoft have blamed Chinese cyberspies and data thieves for the digital intrusions"
"but but but AGILE is great! Developers should be facilitated to deliver faster and faster and break things!!"
"but but but all software has bugs and even software that has risk to life uses CAN'T be expected to be bug free!!"
"even if a product is absolutely perfect for everything that you do....you MUST SPEND MONEY on new versions!!! Mammon MUST be PAID!!"
FFS this industry is full of morons and boot lickers who'll forgive anything...mostly software people & MBAs who wouldn't understand the concept of REAL Engineering & creating a GOOD product.
There are TWO things that would make the World a better place.....
Fashion Students spend the 1st month of their courses being beaten with a metal ruler until they understand the concept of standard measurements
MBAs & Software Developers spend a year on a wood working course creating ACTUAL product to understand pride in your work and quality
Re: "... and Microsoft have blamed Chinese cyberspies and data thieves for the digital intrusions"
Yet still M&S jeans exactly the same in one colour fit me, but in another don’t
Re: "... and Microsoft have blamed Chinese cyberspies and data thieves for the digital intrusions"
Did the bad actors hit where it would hurt the most: DOGE?
Worst run organizations list
If you still run ancient SharePoint servers for any particular reason in 2025, you make the list of the worst run organizations on the planet.
Re: Worst run organizations list
"If you still run SharePoint servers for any reason in 2025...."
Fixed that.
Re: Worst run organizations list
What do you mean by 'ancient', June this year?
Re: Worst run organizations list
“Ancient” ::= pre-cloud and in this instance pre 365..
There again, given how things have progressed even 365 could be considered “ancient”.
"You want to what? Put the national nuclear missile secrets into a SharePoint exposed to the Internet? Oh yeah sure, I reckon that will be fine. Go for it. What's the worst that could happen?".
Worse
They do not handle the missile, they do the warheads.
Re: Worse
Nothing important then.
SharePoint has always been terrible. The hacking does not really make it any worse.
Naive? Gullible? Is there a difference?
I am (almost) always astonished at how easily and eagerly People and Organizations fall for utter BS, such as "secure cloud" services.
Or, anything from Microsoft, I guess.
Re: Naive? Gullible? Is there a difference?
To be fair, this vuln specifically did not impact their cloud versions, just their on-prem offerings...
"... and Microsoft have blamed Chinese cyberspies and data thieves for the digital intrusions"
Maybe Microsoft should shift the blame to itself instead. Haven't they cut their QA and other staff drastically?