Microsoft SharePoint Cyberattack on 21 July 2025


By Muhammad Hussain

Thousands of companies all over the world are on high alert after Microsoft SharePoint servers became the target of a persistent cyberattack on 21 July 2025. The FBI and the Cyber Centre in Canada have told self-hosted SharePoint customers, including companies and government agencies, to take action on a priority basis, as nearly 100 victims have already been reported in the United States, Germany, and other countries.

Google and Microsoft security researchers have established that the SharePoint vulnerability (CVE-2025-53770) is under active exploitation by China-sponsored hacking teams, such as Linen Typhoon, Violet Typhoon, and Storm-2603.

These actors are breaking into self-hosted SharePoint servers, stealing sensitive private keys, depositing malware, and accessing internal networks for espionage and ransomware attacks. Microsoft said that the attacks have been under way since July 7, 2025, and that dozens of organizations, including government agencies, have already been targeted.

Microsoft has finally released security patches for all vulnerable SharePoint versions, but experts advise that businesses operating on-premises servers should presume possible compromise and act urgently.

By taking advantage of a severe vulnerability (CVE-2025-53770) in on-premises Microsoft SharePoint servers, the attack enables hackers to remotely run malicious code. While SharePoint Online in Microsoft 365 (cloud) is not impacted, companies with self-hosted servers are extremely susceptible to data breaches and persistent backdoors.

This massive cyberattack highlights the rising threat from supply chain and infrastructure attacks and underscores the critical need for proactive cybersecurity measures to secure key communications equipment.

What Happened During the SharePoint Cyberattack

Microsoft and the Cybersecurity Centre of Canada released a security advisory on 21 July 2025 about ongoing exploitation aimed at on-premises Microsoft SharePoint servers. CVE-2025-53770, a deserialization of untrusted data vulnerability, permits an unauthorized attacker to run malicious code over a network.

The exploitation is aimed at self-hosted SharePoint deployments that most large firms and government organizations tend to use for internal collaboration and document sharing.

  • Nearly 100 compromised companies were initially detected by an online scan carried out by the Shadowserver Foundation; the majority of the victims were found in Germany and the United States.
  • The FBI reported that the attacks are under investigation and that it is coordinating with government and private sector partners.
  • Once a server has been compromised, attackers are in a position to establish backdoors for long-term unauthorized access to sensitive systems, cybersecurity experts warned.

Microsoft clarified that this flaw does not affect SharePoint Online in Microsoft 365 cloud services. Businesses running on-premises servers, however, need to apply security updates at once to prevent continued attempts to exploit it.

This attack serves as an example of how quickly business collaboration tools can become lucrative attack points if security updates are delayed.


Cybersecurity Risks and Lessons for Organizations

The SharePoint cyberattack in July 2025 is a harsh reminder of how vulnerable the most important business tools and government platforms are to exploitation. A single unchecked vulnerability in a broadly used platform has the potential to result in gigantic breaches.

Major Threats Revealed by the Breach:

  • Enterprise collaboration software is a target of choice because it contains sensitive corporate and governmental information.
  • Delayed patching gives attackers looking for vulnerabilities the upper hand.
  • Even with secure software like Microsoft SharePoint, supply chain and dependency problems exist.
  • Backdoors and long-term compromise may result from exploited vulnerabilities.

Lessons and Recommendations for Organizations:

  • Periodic real-time scanning for vulnerabilities and stringent patch management.
  • Periodic security audits of all on-premises-installed software.
  • Incident response plan to immediately detect, segregate, and recover from breaches.
  • Migration to secure cloud-hosted versions, which benefit from ongoing vendor-monitored security patches, as an alternative.

This event necessitates collective responsibility on the part of software companies and organizations. Microsoft provides fixes, but it is up to the organization to apply them in a timely fashion in order to maintain security.

Strengthening Cyber Defenses for the Future

The July 2025 SharePoint attack is a stark reminder that no system can be completely secure without vigilant attention. Ongoing updates, active monitoring, and more robust security practices are the only means to stay ahead of dynamic cyber threats.


FAQs

How did attackers exploit the vulnerability?

They used a flaw that allowed deserialization of untrusted data, enabling remote code execution on vulnerable servers.

How do organizations defend their SharePoint servers?

Install the latest security patches promptly, monitor for unusual activity, and perform regular vulnerability scans.