By Reuters
July 23, 2025 – 6:33 AM PDT
WASHINGTON, July 23 – A sweeping cyber-espionage campaign organization centered on vulnerable versions of Microsoft’s (MSFT.O) server software has now claimed about 400 victims, according to researchers at Netherlands-based Eye Security.
The figure, which is derived from a count of digital artifacts discovered during scans of servers running vulnerable versions of Microsoft’s SharePoint software, compares to 100 organizations cataloged over the weekend. Eye Security says the figure is likely an undercount.
“There are many more, because not all attack vectors have left artifacts that we could scan for,” said Vaisha Bernard, the chief hacker for Eye Security, which was among the first organizations to flag the breaches.
The spy campaign kicked off after Microsoft failed to fully patch a security hole in its SharePoint server software, kicking off a scramble to fix the vulnerability when it was discovered. Microsoft and its tech rival, Google owner Alphabet (GOOGL.O), have both said Chinese hackers are among those taking advantage of the flaw. Beijing has denied the claim.
The details of most of the victim organizations have not yet been fully disclosed. Bernard declined to identify them.
Reporting by Raphael Satter; Editing by Jan Harvey and Mark Porter