Microsoft SharePoint attacks ensnare 400 victims, including federal agencies | CyberScoop<\/title> <meta name=\"description\" content=\"The Departments of Energy, Homeland Security and Health and Human Services have been impacted.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/microsoft-sharepoint-attacks-400-victims-us-agencies\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Microsoft SharePoint attacks ensnare 400 victims, including federal agencies\"> <meta property=\"og:description\" content=\"The Departments of Energy, Homeland Security and Health and Human Services have been impacted.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/microsoft-sharepoint-attacks-400-victims-us-agencies\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-07-24T18:39:46+00:00\"> <meta property=\"article:modified_time\" content=\"2025-07-24T18:39:49+00:00\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-sharepoint-attacks-ensnare-400-victims-including-federal-agencies-2.jpg\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1752617955g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1752617143g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1753281318g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/85305\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=85305\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-sharepoint-attacks-400-victims-us-agencies%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-sharepoint-attacks-400-victims-us-agencies%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-85305 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/microsoft-sharepoint-attacks-400-victims-us-agencies\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.9180327868852\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.541489361702\">\n<div class=\"single-article__header-content\" readability=\"34.304709141274\">\n<p> The Departments of Energy, Homeland Security and Health and Human Services have been impacted. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/85305\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-sharepoint-attacks-ensnare-400-victims-including-federal-agencies.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"Microsoft headquarters\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-sharepoint-attacks-ensnare-400-victims-including-federal-agencies-2.jpg 4800w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-sharepoint-attacks-ensnare-400-victims-including-federal-agencies-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-sharepoint-attacks-ensnare-400-victims-including-federal-agencies-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-sharepoint-attacks-ensnare-400-victims-including-federal-agencies-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-sharepoint-attacks-ensnare-400-victims-including-federal-agencies-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-sharepoint-attacks-ensnare-400-victims-including-federal-agencies-2.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-sharepoint-attacks-ensnare-400-victims-including-federal-agencies-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-sharepoint-attacks-ensnare-400-victims-including-federal-agencies-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-sharepoint-attacks-ensnare-400-victims-including-federal-agencies-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-sharepoint-attacks-ensnare-400-victims-including-federal-agencies-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-sharepoint-attacks-ensnare-400-victims-including-federal-agencies-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> A sign is seen at Microsoft headquarters on July 3, 2024, in Redmond, Washington. (David Ryder\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"57.190201729107\"><body readability=\"120.42974640164\"><\/p>\n<p>The fallout from an attack spree targeting defects in on-premises Microsoft SharePoint servers continues to spread nearly a week after zero-day exploits were discovered, <a href=\"https:\/\/cyberscoop.com\/microsoft-sharepoint-zero-day-attack-spree\/\">setting off alarms across the globe<\/a>. More than 400 organizations have been actively compromised across four waves of attacks, according to <a href=\"https:\/\/research.eye.security\/sharepoint-under-siege\/?\">Eye Security<\/a>.<\/p>\n<p>Multiple government agencies, including the Departments of Energy, Homeland Security and Health and Human Services, have been hit. The California Independent System Operator, which operates some of the state\u2019s wholesale electric grid, was also impacted.<\/p>\n<p>As more victims confirm varying levels of compromise from the attack spree, researchers are learning and sharing more details about post-exploit activities. One of the China-based attackers behind the initial wave of attacks, Storm-2603, deployed Warlock ransomware starting July 18, Microsoft Threat Intelligence said Wednesday in an <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/07\/22\/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities\/\">updated blog post<\/a>.<\/p>\n<p>The Chinese government-affiliated threat groups Linen Typhoon and Violet Typhoon \u2014 which have been active for at least a decade \u2014 are also <a href=\"https:\/\/cyberscoop.com\/microsoft-sharepoint-zero-days-china-typhoon\/\">actively exploiting the zero-day vulnerabilities<\/a>, Microsoft said. Linen Typhoon has focused on stealing intellectual property and Violet Typhoon is an espionage threat group. Storm is a moniker Microsoft uses for threat groups in development.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Microsoft said it observed Storm-2603 modifying policy settings to distribute Warlock ransomware in compromised environments. The attacker is also attempting to steal cryptographic keys from compromised SharePoint servers, which could allow attackers to maintain persistent access to victim environments after the patch has been applied. Microsoft did not say how many organizations have been hit with ransomware.<\/p>\n<p>The zero-days under active exploit \u2014 <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-53770\">CVE-2025-53770<\/a> and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-53771\">CVE-2025-53771<\/a> \u2014 are variants of a pair of previously disclosed vulnerabilities \u2014 <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-49706\">CVE-2025-49706<\/a> and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-49704\">CVE-2025-49704<\/a> \u2014 Microsoft addressed in its <a href=\"https:\/\/cyberscoop.com\/microsoft-patch-tuesday-july-2025\/\">security update<\/a> earlier this month. After discovering the new flaws, Microsoft scrambled to develop patches, releasing the updates for all affected versions of SharePoint by late Monday.<\/p>\n<p>The exploit dubbed \u201cToolShell,\u201d which allows attackers to bypass multi-factor authentication and single sign-on, contains the newly discovered defects: CVE-2025-53770, a critical remote-code execution vulnerability, and CVE-2025-53771, a security-bypass vulnerability. <\/p>\n<p>The \u201cToolShell\u201d exploit chain allows attackers to fully access SharePoint content and execute code over the network, the Cybersecurity and Infrastructure Security Agency said. ESET Labs researchers said threat groups often chain all four vulnerabilities to intrude organizations.<\/p>\n<p>CISA added CVE-2025-53770 to its <a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\">known exploited vulnerabilities catalog<\/a> Sunday, and added CVE-2025-47904 and CVE-2025-47906 to the database Tuesday. CISA said CVE-2025-53770 is a patch bypass for CVE-2025-49704 and CVE-2025-53771 is a patch bypass for CVE-2025-49706.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Officials declined to describe the level of compromise sustained across the federal government.<\/p>\n<p>\u201cOnce the Microsoft SharePoint vulnerability was identified on Friday, CISA quickly launched a national coordinated response through an <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/07\/20\/update-microsoft-releases-guidance-exploitation-sharepoint-vulnerabilities\">initial alert<\/a> and two cybersecurity updates,\u201d a Department of Homeland Security spokesperson said in a statement. \u201cCISA has been working around the clock with Microsoft, impacted agencies, and critical infrastructure partners to share actionable information, apply mitigation efforts, implement protective measures, and assess preventative measures to shield from future attacks.\u201d<\/p>\n<p>The spokesperson said an investigation to identify potential exposure remains ongoing, adding \u201cthere is no evidence of data exfiltration at DHS or any of its components at this time.\u201d<\/p>\n<p>The Energy Department, which was impacted along with the National Nuclear Security Administration, is also unaware of any compromise of sensitive or classified information. <\/p>\n<p>Exploitation of the Microsoft SharePoint zero-day vulnerability began affecting the Energy Department and the NNSA on Friday. \u201cThe department was minimally impacted due to its widespread use of the Microsoft 365 cloud and very capable cybersecurity systems,\u201d an agency spokesperson said in a statement.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cA very small number of systems were impacted. NNSA is taking the appropriate action to mitigate risk and transition to other offerings as appropriate,\u201d the spokesperson added.<\/p>\n<p>The Department of Health and Human Services said it is monitoring, identifying and mitigating all risks to its IT systems posed by the Microsoft SharePoint vulnerability. \u201cThis vulnerability is not unique to HHS and has been observed in other federal agencies and the private sector,\u201d a spokesperson for the agency said in a statement. \u201cAt present, we have no indication that any information was breached as a result of this vulnerability.\u201d<\/p>\n<p>Jayme Ackemann, director of communications at the California Independent System Operator, said the nonprofit, which manages long-distance power lines across 80% of California\u2019s grid, became aware of potential exploitation Sunday. \u201cThere has been no impact to market operations or grid reliability due to this incident,\u201d Ackemann said. \u201cAll systems remain stable and fully operational.\u201d<\/p>\n<p>Microsoft SharePoint is prevalent across enterprise and government and deeply integrated with Microsoft\u2019s platform. Researchers warn that attackers could use intrusions to burrow deeper into victim networks.<\/p>\n<p>Attacks have spread globally but U.S.-based organizations are the most heavily targeted to date, accounting for more than 13% of attacks, according to ESET\u2019s telemetry data. Scans from the <a href=\"https:\/\/dashboard.shadowserver.org\/statistics\/iot-devices\/time-series\/?date_range=7&vendor=microsoft&model=sharepoint&dataset=count&limit=100&group_by=geo&stacking=stacked&auto_update=on\">Shadowserver Foundation<\/a> showed nearly 11,000 SharePoint instances were still exposed to the internet as of Wednesday.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"2.4166666666667\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/microsoft-sharepoint-attacks-ensnare-400-victims-including-federal-agencies-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/microsoft-sharepoint-attacks-400-victims-us-agencies\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft SharePoint attacks ensnare 400 victims, including federal agencies |<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[271,282,78,452,453,1436,293,2659,117,1766,625,4603,467,3332,46,256,310,288,643,1170],"tags":[277,286,86,454,455,1439,299,2661,119,1771,630,4605,471,3336,54,262,311,294,645,1171],"class_list":["post-7827","post","type-post","status-publish","format-standard","hentry","category-china","category-cybercrime","category-cybersecurity","category-cybersecurity-and-infrastructure-security-agency-cisa","category-department-of-energy-doe","category-department-of-health-and-human-services-hhs","category-department-of-homeland-security-dhs","category-exploit","category-government","category-known-exploited-vulnerabilities-kev","category-microsoft","category-microsoft-sharepoint","category-microsoft-threat-intelligence-center","category-nation-state-hackers","category-ransomware","category-research","category-technology","category-threats","category-vulnerabilities","category-zero-days","tag-china","tag-cybercrime","tag-cybersecurity","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-department-of-energy-doe","tag-department-of-health-and-human-services-hhs","tag-department-of-homeland-security-dhs","tag-exploit","tag-government","tag-known-exploited-vulnerabilities-kev","tag-microsoft","tag-microsoft-sharepoint","tag-microsoft-threat-intelligence-center","tag-nation-state-hackers","tag-ransomware","tag-research","tag-technology","tag-threats","tag-vulnerabilities","tag-zero-days"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/china\/\" rel=\"category tag\">China<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/department-of-energy-doe\/\" rel=\"category tag\">Department of Energy (DOE)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/department-of-health-and-human-services-hhs\/\" rel=\"category tag\">Department of Health and Human Services (HHS)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/department-of-homeland-security-dhs\/\" rel=\"category tag\">Department of Homeland Security (DHS)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/exploit\/\" rel=\"category tag\">exploit<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/known-exploited-vulnerabilities-kev\/\" rel=\"category tag\">known exploited vulnerabilities (KEV)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft\/\" rel=\"category tag\">Microsoft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft-sharepoint\/\" rel=\"category tag\">Microsoft SharePoint<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft-threat-intelligence-center\/\" rel=\"category tag\">Microsoft Threat Intelligence Center<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/nation-state-hackers\/\" rel=\"category tag\">nation-state hackers<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/technology\/\" rel=\"category tag\">Technology<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerabilities\/\" rel=\"category tag\">vulnerabilities<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/zero-days\/\" rel=\"category tag\">zero-days<\/a>","tag_info":"zero-days","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7827","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7827"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7827\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7827"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7827"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7827"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7827,"date":"2025-07-24T13:39:46","date_gmt":"2025-07-24T18:39:46","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=85305"},"modified":"2025-07-24T13:39:46","modified_gmt":"2025-07-24T18:39:46","slug":"microsoft-sharepoint-attacks-ensnare-400-victims-including-federal-agencies","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/07\/24\/microsoft-sharepoint-attacks-ensnare-400-victims-including-federal-agencies\/","title":{"rendered":"Microsoft SharePoint attacks ensnare 400 victims, including federal agencies"},"content":{"rendered":"