{"id":681005,"date":"2025-07-22T14:50:18","date_gmt":"2025-07-22T11:50:18","guid":{"rendered":"https:\/\/buradabiliyorum.com\/en\/hackers-exploiting-sharepoint-zero-day-seen-targeting-government-agencies\/"},"modified":"2025-07-22T14:50:18","modified_gmt":"2025-07-22T11:50:18","slug":"hackers-exploiting-sharepoint-zero-day-seen-targeting-government-agencies","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/hackers-exploiting-sharepoint-zero-day-seen-targeting-government-agencies\/","title":{"rendered":"Hackers exploiting SharePoint zero-day seen targeting government agencies"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a26d7ca4ea23\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a26d7ca4ea23\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/hackers-exploiting-sharepoint-zero-day-seen-targeting-government-agencies\/#Contact_Us\" >Contact Us<\/a><\/li><\/ul><\/nav><\/div>\n<div>\n<p id=\"speakable-summary\" class=\"wp-block-paragraph\">The hackers behind the initial wave of attacks exploiting a zero-day in Microsoft SharePoint servers have so far primarily targeted government organizations, according to researchers and <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">news<\/a> reports.<\/p>\n<p class=\"wp-block-paragraph\">Over the weekend, U.S. cybersecurity agency CISA <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/07\/20\/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">published an alert<\/a>, warning that hackers were exploiting a previously unknown bug \u2014 known as a \u201czero-day\u201d \u2014 in Microsoft\u2019s enterprise data management product SharePoint. While it\u2019s still too early to draw definitive conclusions, it <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>ears that the hackers who first started abusing this flaw were targeting government organizations, according to Silas Cutler, the principal researcher at Censys, a cybersecurity firm that monitors hacking activities on the internet.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">\u201cIt looks like initial exploitation was against a narrow set of targets,\u201d Cutler told TechCrunch. \u201cLikely government related.\u201d\u00a0<\/p>\n<p class=\"wp-block-paragraph\">\u201cThis is a fairly rapidly evolving case. Initial exploitation of this vulnerability was likely fairly limited in terms of targeting, but as more attackers learn to replicate exploitation, we will likely see breaches as a result of this incident,\u201d said Cutler.<\/p>\n<div class=\"article-block block--callout block--right has-green-500-background-color\">\n<h4 class=\"block--callout__title\"><span class=\"ez-toc-section\" id=\"Contact_Us\"><\/span>Contact Us<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>\t\t\tDo you have more information about these SharePoint attacks? We\u2019d love to hear from you. From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.\t\t<\/p><\/div>\n<p class=\"wp-block-paragraph\">Now that the vulnerability is out there, and is still not fully patched by Microsoft, it\u2019s possible other hackers that are not necessarily working for a government will join in and start abusing it, Cutler said.\u00a0\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Cutler added that he and his colleagues are seeing between 9,000 and 10,000 vulnerable SharePoint instances accessible from the internet, but that could change. Eye Security, which first <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/research.eye.security\/sharepoint-under-siege\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">published the existence of the bug<\/a>, reported seeing a similar number, saying its researchers scanned more than 8,000 SharePoint servers worldwide and found evidence of dozens of compromised servers.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Given the limited number of targets and the types of targets at the beginning of the campaign, Cutler explained, it is likely that the hackers were part of a government group, commonly known as an advanced persistent threat.<\/p>\n<div class=\"wp-block-techcrunch-inline-cta\">\n<div class=\"inline-cta__wrapper\">\n<p>Techcrunch event<\/p>\n<div class=\"inline-cta__content\">\n<p>\n\t\t\t\t\t\t\t\t\t<span class=\"inline-cta__location\">San Francisco<\/span><br \/>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"inline-cta__separator\">|<\/span><br \/>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"inline-cta__date\">October 27-29, 2025<\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/div>\n<p class=\"wp-block-paragraph\"><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.washingtonpost.com\/technology\/2025\/07\/20\/microsoft-sharepoint-hack\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">The Washington Post reported<\/a> on Sunday that the attacks targeted U.S. federal and state agencies, as well as universities and energy companies, among other commercial targets.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Microsoft <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/msrc.microsoft.com\/blog\/2025\/07\/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">said in a blog post<\/a> that the vulnerability only affects versions of SharePoint that are installed on local networks, and not the cloud versions, which means that each organization that deploys a SharePoint server needs to apply the patch or disconnect it from the internet.<\/p>\n<\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMN63nwsw68G3Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/buradabiliyorum.com\/en\/category\/technology\/\" target=\"_blank\" >Technology<\/a><\/span> category.<\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/techcrunch.com\/2025\/07\/21\/hackers-exploiting-sharepoint-zero-day-seen-targeting-government-agencies-say-researchers\/\" target=\"_blank\" >Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The hackers behind the initial wave of attacks exploiting a zero-day in Microsoft SharePoint servers have so far primarily targeted government organizations, according to researchers and news reports. Over the weekend, U.S. cybersecurity agency CISA published an alert, warning that hackers were exploiting a previously unknown bug \u2014 known as a \u201czero-day\u201d \u2014 in Microsoft\u2019s&#8230;<\/p>\n","protected":false},"author":1,"featured_media":681006,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/techcrunch.com\/wp-content\/uploads\/2020\/09\/microsoft-glitch2.jpg?resize=1200,674","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[157773,152840,70375,70944,70513,152032,70286,72287,157774],"class_list":["post-681005","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-apt","tag-cisa","tag-cybersecurity","tag-hackers","tag-hacking","tag-infosec","tag-microsoft","tag-security","tag-sharepoint"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/681005","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=681005"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/681005\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/681006"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=681005"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=681005"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=681005"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}