WASHINGTON, July 23 — A massive cyberespionage operation targeting vulnerable versions of Microsoft software has claimed approximately 400 victims worldwide, according to a report released Wednesday by the Dutch firm Eye Security. The attack, whose scope continues to be revealed, is one of the largest hacks involving Microsoft products in several years.
Researchers identified these victims by analyzing digital traces left on compromised servers, including those running vulnerable versions of Microsoft SharePoint, a platform widely used in businesses for content management and internal collaboration. This data reveals a considerable expansion of the hacking campaign, with initial reports suggesting approximately 100 organizations were affected.
The operation is attributed to an organization specializing in cyberespionage, whose name has not been revealed for security reasons. This entity is believed to have taken advantage of unpatched vulnerabilities to infiltrate sensitive systems, potentially exfiltrating confidential information. Eye Security, however, points out that the 400 victims likely represent only a fraction of the actual total, as many companies and institutions have not yet detected the intrusion.
The Dutch cybersecurity company is urging Microsoft SharePoint users to immediately apply the security patches released by the vendor. Microsoft, for its part, indicated that it is working closely with partners and customers to mitigate risks and strengthen protection of exposed systems.
This attack comes amid a surge in cyberespionage operations worldwide, where software vulnerabilities are routinely exploited before the affected companies are even aware of them. It also raises growing questions about the critical dependence of many public and private services on insufficiently secure digital infrastructure.
