Background on the Attack and Its Impact
A global attack targeting Microsoft’s server software, widely used by public organizations and businesses for internal document sharing, may have been orchestrated by a single entity, according to a cybersecurity researcher.
Microsoft’s Response and Security Measures
On Saturday, Microsoft issued an alert regarding “active attacks” on SharePoint servers used by organizations. However, the company clarified that SharePoint Online in Microsoft 365, which is cloud-based, was not affected.
Rafe Pilling, Director of Threat Intelligence at British cybersecurity firm Sophos, stated, “Based on the consistency of the craft observed through the attacks we’ve seen, Friday’s campaign appears to be by a single actor. However, this could change rapidly.” Pilling also noted that the same digital payload was sent to multiple targets.
Microsoft responded by providing security updates and urging clients to install them, according to a spokesperson in an email statement.
Uncertainty Surrounding the Attackers
The identity of the attackers remains unclear. The FBI acknowledged awareness of the attacks on Sunday and stated that it is collaborating closely with federal partners and private sector allies, but offered no further details.
The UK’s National Cyber Security Centre did not immediately respond to a request for comment.
Details of the Attack
According to The Washington Post, unidentified agents exploited a vulnerability in recent days to launch a targeted attack against US and international organizations.
Data from Shodan, an internet search engine that helps identify connected devices, suggests over 8,000 online servers could theoretically have been compromised by hackers.
- The affected servers include those of major industrial companies, banks, auditing firms, healthcare providers, and various US and international government entities.
- Daniel Card of British cybersecurity consultancy PwnDefend commented, “The incident appears to have compromised a wide range of servers globally.”
Key Questions and Answers
- Who is behind the attack? The identity of the attackers remains unclear. The FBI stated that it is aware of the situation and collaborating with partners, but offered no further details.
- Which Microsoft services were affected? The attack targeted SharePoint servers used by organizations, while SharePoint Online in Microsoft 365 remained unaffected.
- How many servers are potentially compromised? Based on data from Shodan, over 8,000 online servers could have been compromised by hackers.
- What types of organizations were targeted? The attack affected major industrial companies, banks, auditing firms, healthcare providers, and various US and international government entities.