Microsoft SharePoint exploit hits the feds


Recent cyberattacks exploiting a severe vulnerability in Microsoft's on-premises SharePoint software have affected nearly 100 organizations globally, including federal- and state-level US agencies. Investigation has tied at least some of the breach activity to a China-nexus hacking group, according to Charles Carmakal, chief technology officer at Google’s Mandiant, as reported by Politico. Connections to Chinese internet protocol addresses were observed, and experts say early targets included entities of likely interest to China.

Defense One reported that DHS’s CISA, TSA, CBP, and FEMA were affected.

The underlying issue stems from a critical flaw in on-premises versions of SharePoint. Self-hosted customers, not Microsoft cloud users, are at risk. While Microsoft issued effective patches for remaining exposed versions on 21 July 2025, researchers warn that installing those patches is only part of the solution. Organizations must also replace digital keys, scan for malware, and look for backdoors already left by intruders.