
Over 400 organizations have fallen victim to continuous attacks on Microsoft SharePoint

Federal government departments, with the U.S. Department of Energy among them, have experienced data breaches.

Over 400 organizations have been affected by ongoing cyberattacks on Microsoft SharePoint.

In a rapidly evolving digital landscape, the ongoing Microsoft SharePoint attack has left numerous organizations worldwide grappling with potential security breaches. As of the latest public updates spanning July 20 to July 24, 2025, no international consortium, government agency, or Microsoft itself has released a worldwide count of compromised organizations [1][2][3].

The attack, which commenced on July 17, has affected high-profile victims such as U.S. federal agencies, state agencies, universities, energy companies, and the National Nuclear Security Administration (NNSA) [1][2]. Notably, the NNSA, which maintains America's nuclear weapons, has taken steps to mitigate risk and transition to other offerings as necessary.

The Department of Energy, which widely uses the Microsoft M365 cloud and robust cybersecurity systems, was minimally impacted in the attacks. In contrast, the National Institutes of Health (NIH), the Defense Intelligence Agency, and several components of the Department of Homeland Security (DHS) are confirmed victims [2].

Security researchers from Eye Security observed "dozens of separate servers" compromised immediately after the exploit was detected, but this does not necessarily reflect the total number of organizations affected globally [1]. Microsoft's own communications emphasize that the attack is ongoing, and the "scope and impact continue to be assessed," suggesting that the full extent is not yet known [1][3].

Both Google and Microsoft have blamed Chinese cyberspies and data thieves for the digital intrusions [4]. A proof-of-concept showing how to chain the two vulnerabilities together was released on GitHub, allowing miscreants to bypass authentication and execute malicious code over the network [4].

Microsoft confirmed the exploits on July 24 and released fixed versions by late Monday. The security holes affect SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition [4]. Over 400 organizations have been compromised, according to unverified reports, but Microsoft has yet to provide an official count [1][5].

Microsoft warned on July 25 that additional actors may use these exploits, emphasizing the need for organizations to apply the patches promptly [5]. The US Energy Department was among the compromised organizations, but all impacted systems are being restored [1].

As the situation continues to evolve, Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA) are updating guidance as new information emerges. Organizations are urged to stay vigilant and follow the latest recommendations to protect their systems and data.

  1. In the ongoing Microsoft SharePoint attack, multiple organizations worldwide, including US federal agencies, state agencies, universities, energy companies, and the National Nuclear Security Administration (NNSA), have been affected.
  2. The attack, which started on July 17, has also targeted entities such as the National Institutes of Health, the Defense Intelligence Agency, and several components of the Department of Homeland Security.
  3. The exact number of compromised organizations is unknown, with Microsoft stating that the scope and impact are still being assessed.
  4. Security researchers have observed "dozens of separate servers" compromised, but this number might not reflect the total global scale of the attack.
  5. In response, Microsoft has released fixed versions of the software to address the security holes found in SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition.
  6. Amidst this evolving situation, organizations across different sectors are advised to stay vigilant, follow the latest recommendations from Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA), and apply the patches promptly to protect their systems and data.
