A major cyberattack hits Microsoft users
A large and secret cyberattack has hit Microsoft’s systems, affecting nearly 100 organizations. Most of these were in the United States and Germany. This breach targeted Microsoft SharePoint servers—software used by many companies to share and manage data. The attack was not random. It was carefully aimed at important groups like government offices, energy companies, and universities.
Experts say this was a planned spying operation. The hackers took advantage of hidden flaws in Microsoft’s software—what experts call “zero-day vulnerabilities.” These are software problems that even the company doesn’t know about until it’s too late. This allowed the hackers to break in and steal highly sensitive data, including secret government files and encryption keys.
The attack was not just a small break-in. It was big, deep, and caused serious damage. People online are calling it a “vault break” that let the attackers take everything they wanted before disappearing without a trace.
Google says China is likely behind the breach
Google’s security team, along with a cybersecurity company it owns, helped uncover the attack. They found strong clues pointing toward a hacker group linked to China. However, the exact identity of the attackers is still not 100% confirmed. Investigations are still happening.
The hackers were able to sneak in by using two serious bugs in Microsoft SharePoint. These bugs were supposed to be fixed in July, but the attackers found a way around the fix. This made the earlier patch useless. They used a method first shown in a hacking contest in Berlin called “Pwn2Own,” which lets experts show how to break into systems.
Because of these flaws, hackers got full access to SharePoint servers. Once inside, they could copy and steal secret files, including digital keys used to protect data. These keys could be used to unlock even more private systems.
The size of the attack is what makes it very serious. Even though the names of the victims were not shared, experts believe this affected parts of the U.S. federal and state governments, large energy firms, and top universities.
No fix yet, and concerns grow over Microsoft’s security
U.S. government officials have confirmed that many systems were hit. Agencies like the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Justice have shared alerts with other organizations. They are asking companies to turn on stronger monitoring systems to check if they were also attacked.
However, Microsoft has not yet shared a new patch to fix the problems. This delay has caused anger and fear online. Some people are saying there is “no patch, no clue, no comment” from Microsoft. Many believe that this is part of a bigger pattern. Microsoft has faced several similar security issues in the past two years.
This latest attack has added more pressure on Microsoft. It also raises big questions about how much the U.S. government depends on one single company for its most important digital systems.
The timing of this attack also matters. It comes during a period when tensions between the U.S. and China are already very high. With sensitive government data at risk, this breach could make those tensions worse.
Online, the reaction has been strong. People are warning that the damage is still unfolding. Many affected systems have not yet recovered, and the hackers may have already escaped with very valuable information.
As of now, Microsoft has not released a public comment about the new vulnerabilities or shared when a fix will be ready. Meanwhile, cybersecurity experts are urging all organizations using Microsoft SharePoint to check their systems and keep monitoring for any signs of a break-in.