exposed to the internet, you should assume that you have been compromised at this point,” said Michael Sikorski, the head of Palo Alto Networks’ threat intelligence division Unit 42, in an email to TechCrunch.
It’s also not yet known who is carrying out the attacks on SharePoint servers, but it is the latest in a string of cyberattacks targeting Microsoft customers in recent years.
In 2021, a China-backed hacking group dubbed Hafnium was caught exploiting a vulnerability found in self-hosted Microsoft Exchange email servers, allowing the mass-hacking and exfiltration of email and contacts data from businesses around the world. The hackers compromised more than 60,000 servers, according to a recent Justice Department indictment accusing two Chinese nationals of masterminding the operation.
Two years later, Microsoft confirmed a cyberattack on its cloud systems, which it manages directly, allowing Chinese hackers to steal a sensitive email signing key that permitted access to both consumer and enterprise email email accounts hosted by the company.
Microsoft has also reported repeated intrusions from hackers associated with the Russian government.
Do you know more about the SharePoint cyberattacks? Are you an affected customer? Securely contact this reporter via encrypted message at zackwhittaker.1337 on Signal.
An earlier version of this story stated the incorrect CVE number; the story has been amended to note the correct vulnerability, CVE-2025-53770.
