A large-scale cyber-espionage operation targeting vulnerable versions of Microsoft’s SharePoint software has now compromised at least 400 organizations, according to researchers at Netherlands-based Eye Security. The figure marks a sharp increase from the 100 victims reported just days ago, and experts caution that the true number is likely higher. Many breaches leave no trace, making full detection difficult.
Among the confirmed victims is the U.S. National Institutes of Health (NIH), which acknowledged that one of its servers was hacked. “Additional servers were isolated as a precaution,” an NIH representative said. The breach was first reported by the Washington Post, highlighting growing concerns over the exploitation of unpatched Microsoft systems. The attacks began after Microsoft’s incomplete fix for a critical SharePoint vulnerability, leaving servers exposed to sophisticated hackers.
Both Microsoft and Alphabet (Google’s parent company) have attributed some of the attacks to Chinese state-sponsored hackers, though Beijing has denied involvement. The flaw allowed intruders to infiltrate systems, steal data, and maintain persistent access. Despite emergency patches, many organizations remain at risk due to delayed updates. Eye Security’s chief hacker, Vaisha Bernard, warned that the actual victim count could be far greater, as not all breaches leave detectable traces.
The incident underscores the dangers of unpatched enterprise software, particularly in government and corporate networks. With state-linked cyber-espionage on the rise, experts urge organizations to apply security updates immediately. Meanwhile, U.S. agencies and private firms are assessing the full impact of the breaches, which may have exposed sensitive data. As investigations continue, the attack serves as a stark reminder of the growing sophistication of global cyber threats.