Major Cyberattack Hits Microsoft Server Software; Around 100 Organizations Compromised

July 22, 2025 — GLOBAL
A large-scale cyberattack targeting Microsoft server software has compromised nearly 100 organizations, including government agencies, according to cybersecurity firms involved in the investigation. The attack, identified as a “zero-day” exploit, allowed threat actors to silently infiltrate vulnerable systems without prior detection.

Microsoft issued an official security advisory on July 19, confirming that its on-premises server software used for internal file sharing was under active attack. The company clarified that SharePoint Online, the cloud-based version hosted on Microsoft 365, was not affected.

Unknown Vulnerability Exploited

This breach was made possible by a previously undiscovered software flaw, which attackers used to gain access to critical systems. The zero-day nature of the attack meant there was no available patch or public awareness of the vulnerability before it was exploited.

Security experts warn that the attackers may have also installed backdoor programs, potentially allowing long-term, covert access to infected networks.

Discovery and Ongoing Investigation

The breach first came to light on July 18, when Vaisha Bernard, chief hacker at Dutch cybersecurity firm Eye Security, identified an intrusion affecting one of their clients. In collaboration with the Shadowserver Foundation, a broader scan of internet-connected servers revealed close to 100 confirmed victims.

While Bernard did not disclose the names of the compromised organizations, he confirmed that relevant national cybersecurity authorities had been notified immediately.

The Shadowserver Foundation, a nonprofit cybersecurity organization, later verified that most affected entities are located in the United States and Germany, and several of them are believed to be government institutions.

Risk Mitigation and Warnings

Cybersecurity professionals are urging organizations using Microsoft’s on-premises server tools to apply any available security updates and limit external access to vulnerable systems until a permanent fix is issued.

Experts continue to monitor the situation closely, warning that the number of affected systems may rise as more organizations become aware of the breach.

Microsoft has not yet disclosed details on the origin of the attack or the identities of the hackers involved but is actively working with security agencies to develop a response.
