Microsoft SharePoint flaw exploited in global spy campaign, 400 victims impacted

A far-reaching cyber-espionage campaign exploiting unpatched versions of Microsoft SharePoint server software has compromised around 400 organizations globally, researchers at Netherlands-based cybersecurity firm Eye Security revealed, Reuters reported.

The figure marks a dramatic escalation from the 100 victims initially reported just days earlier and is based on forensic evidence - digital artifacts - found during server scans. However, Eye Security warned that the true scale of the breach could be far larger.

Also Read: Microsoft poaches DeepMind as AI talent war escalates between Copilot and Gemini

"There are many more, because not all attack vectors have left artifacts that we could scan for," Vaisha Bernard, chief hacker at Eye Security told in the report, which was among the first to detect the attacks.

The identities of most victim organizations have not been made public, but a spokesperson for the U.S. National Institutes of Health (NIH) confirmed on Wednesday that one of its servers had been compromised. "Additional servers were isolated for a precaution," the spokesperson said, according to a Washington Post report.

The espionage campaign began when Microsoft failed to fully patch a known security vulnerability in its SharePoint software.

Also Read: Days after axing thousands of jobs, Microsoft says AI helped save over $500 million

The flaw quickly became a target for threat actors, prompting a race among system administrators to implement fixes before their networks were breached.

According to the report, both Microsoft and Google parent Alphabet have pointed to Chinese state-owned hackers as being among those exploiting the flaw. However, Beijing has denied the allegations.

Also Read: Microsoft lays off 830 employees in home state of Washington