A sophisticated cyberespionage campaign compromised approximately 100 organizations worldwide over the weekend, cybersecurity researchers revealed Monday. According to information shared by the Shadowserver Foundation and other industry experts, the hackers exploited a previously unknown vulnerability in Microsoft's SharePoint software, which is widely used by businesses and institutions for internal document management and sharing.
The attack primarily targeted entities located in the United States and Germany, including government agencies, technology companies, and potentially critical infrastructure. Microsoft confirmed on Saturday the existence of "active attacks" exploiting a vulnerability in self-hosted SharePoint servers, prompting an emergency security alert.
Researchers fear that the flaw, now made public, could quickly be exploited by other malicious groups. "Thousands of organizations could be vulnerable if they do not immediately apply security patches," warned the Shadowserver Foundation, which helped identify the scale of the attack.
The modus operandi suggests a cyberespionage operation rather than financially motivated cybercrime. According to the initial technical evidence available, the intrusions allowed hackers to extract confidential data through covert access without disrupting the compromised systems. Analysts suggest the possibility of a state actor behind the campaign, although no official attribution has yet been made.
Microsoft, which has urgently deployed a patch, is urging all organizations using SharePoint on-premises to immediately update their systems and check access logs for potential intrusions. The company says it is working closely with relevant cybersecurity agencies.
This latest incident further highlights the continued vulnerability of enterprise software to increasingly sophisticated digital threats. It comes as Microsoft is already under pressure following several major security breaches in recent months, including an attack on cloud services targeting US government officials.
As the investigation progresses, experts fear the attack is only the tip of the iceberg. Investigations are underway to determine the extent of the damage and identify other potential targets in an increasingly exposed global digital landscape.
