The hackers behind the first wave of attacks operating a Zero-Day in Microsoft SharePoint servers have so far mainly targeted government organizations, according to researchers and also News reports.
At the weekend CISA CyberSecurity Agency a warning publishedWarning that hackers used a previously unknown bug known as a “zero-day”-in Microsoft’s Enterprise Data Management Product SharePoint. Although it is still early to draw definitive conclusions, it seems that the hackers who started abusing this error for the first time focus on government organizations, according to Silas Cutler, the most important researcher at Censys, a cyber security company that monitors hacking activities on the internet.
“It seems that the initial exploitation was against a narrow series of goals,” Cutler told Techcrunch. “Probably government related.”
“This is a fairly quickly evolving case. The first exploitation of this vulnerability was probably reasonably limited in terms of targeting, but as more attackers learn to replicate exploitation, we will probably see infringements as a result of this incident,” said Cutler.
Contact us
Do you have more information about this SharePoint attacks? We would like to hear from you. From a non-work equipment and network you can contact Lorenzo Franceschi-Bicchierai Veilig on Signal on +1 917 257 1382, or via Telegram and Keybase @lorenzofb or e-mail.
Now that the vulnerability there is, and is still not fully patched by Microsoft, it is possible that other hackers who do not necessarily work for a government, participate and start abusing, Cutler said.
Cutler added that he and his colleagues see between 9,000 and 10,000 vulnerable SharePoint agencies that are accessible from the internet, but that can change. Eye protection, which first published the existence of the bugReported seeing a similar number and said that his researchers worldwide scanned more than 8,000 SharePoint servers and found evidence of dozens of compromised servers.
Given the limited number of goals and the types of goals at the start of the campaign, Cutler explained, it is likely that the hackers were part of a government group, generally known as an advanced persistent threat.
Techcrunch event
San Francisco
|
27-29 October 2025
The Washington Post reported On Sunday, the attacks focused on American federal and government agencies, as well as universities and energy companies, in addition to other commercial goals.
Microsoft said in a blog post That vulnerability only influences versions of SharePoint that are installed on local networks, and not in the cloud versions, which means that every organization that implements a SharePoint server must apply the patch or to be broken from the internet.
#Hackers #SharePoint #ZeroDay #aimed #government #agencies #researchers #Techcrunch