So far, hackers behind the original wave of Microsoft SharePoint served the zero -day attacks have mainly targeted state organizations, researchers and news reports.
US cyber security agency CISA published an alarmVerifying that hackers used previously unknown mistakes-which is known as the “zero day”-Microsoft company in SharePoint. Although there are still final conclusions at an early stage, it seems that hackers who started this deficiency were directed at government organizations, Silas Cutler, a chief researcher at Censys, Censys, a Censys chief researcher, who monitors hacking on the Internet.
“It seems that the original abuse was a narrow target,” Cutler told Techcrunch. “Probably related to the government.”
“This is a fairly rapidly evolving case. The original utilization of this vulnerability was probably quite limited in targeting, but when more attackers learn to repeat abuse, we are likely to see violations as a result of this case,” Cutler said.
Please contact us
Do you have more information about these SharePoint attacks? We would like to hear from you. You can contact Lorenzo Franceschi-Bicchierai safely with a signal +1 917,257 1382 or by telegram and Keybase @lorenzofb or email from the non-working device and network.
Now that the vulnerability is there, and Microsoft is still not completely corrected, it is possible that other hackers who may not work for the government, are related and begin to abuse it, Cutler said.
Cutler added that he and his colleagues see 9,000 to 10,000 vulnerable SharePoints available on the Internet, but it may change. Eye safety that first published an error in existenceReporting to see a similar number by saying that its researchers scanned over 8,000 SharePoint servers around the world and found evidence of dozens of endangered servers.
Given a limited number of items and target types at the beginning of the campaign, Cutler explained, it is likely that hackers were part of a group of government, known as a generally advanced continuous threat.
TechCrunch event
San Francisco
And
27.-29. October 2025
Washington Post reports On Sunday, attacks were targeted at the federal and state agencies of the United States, including universities and energy companies, including commercial sites.
Microsoft said in a blog message The fact that the vulnerability only affects the SharePoint versions installed on local networks, not the cloud versions, which means that every organization that enables the SharePoint server must apply or detach it from the Internet.
