
Widespread Microsoft security breach hits Germany

Unknown hackers have devised a novel method to breach the servers of various corporations and governmental bodies in both the USA and Germany.

Global Ransomware Attacks Exploiting Microsoft SharePoint Vulnerabilities

A series of ransomware attacks has been launched worldwide, exploiting vulnerabilities in Microsoft's SharePoint software. These attacks, primarily linked to Chinese state-affiliated hacker groups, have affected over 396 servers globally, including 42 in Germany.

The attacks, which began in June 2025, have targeted multiple sectors, with government organizations being the most affected. The United States leads with the highest number of victims (31%), followed by Mauritius (8%), Germany (7%), and France (5%).

The initial attacks were carried out by Chinese groups such as Linen Typhoon, Violet Typhoon, and Storm-2603. These groups exploited vulnerabilities that allow remote code execution, credential spoofing, and improper authentication to gain unauthorized access to SharePoint systems. Once inside, they deployed ransomware (Warlock, LockBit) and stole sensitive information.

Microsoft has responded by releasing security patch updates in early and mid-July 2025. These updates address key vulnerabilities, including CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771. However, unpatched systems remain vulnerable, and attackers continue to exploit these flaws.

To mitigate the risk, Microsoft advises customers to apply all available patches promptly, configure Antimalware Scan Interface integration, rotate SharePoint Server ASP.NET Machine Keys, and restart Internet Information Services (IIS) on all SharePoint servers after patching.
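The key-rotation and IIS-restart steps above can be scripted. The following is an added example, not Microsoft's or the article's own code; it assumes an elevated SharePoint Management Shell on a farm server with the security updates already installed, and PowerShell remoting to the other farm servers. It does not configure Antimalware Scan Interface integration.

```powershell
#Requires -RunAsAdministrator
# Added example: rotate the ASP.NET machine keys of every web application in
# the farm, then restart IIS on each SharePoint server.
$ErrorActionPreference = 'Stop'

if (-not (Get-Command Set-SPMachineKey -ErrorAction SilentlyContinue)) {
    throw 'SharePoint cmdlets not loaded; run this from the SharePoint Management Shell.'
}

# Central Administration has machine keys of its own, so include it.
$webApps = Get-SPWebApplication -IncludeCentralAdministration

$results = foreach ($wa in $webApps) {
    try {
        Set-SPMachineKey    -WebApplication $wa   # generate and store a new key
        Update-SPMachineKey -WebApplication $wa   # deploy the stored key to web.config
        [pscustomobject]@{ WebApplication = $wa.Url; Rotated = $true;  Error = $null }
    } catch {
        # Record the failure and continue so one broken web application
        # does not leave the remaining ones on their old keys.
        [pscustomobject]@{ WebApplication = $wa.Url; Rotated = $false; Error = $_.Exception.Message }
    }
}
$results | Format-Table -AutoSize

$failed = @($results | Where-Object { -not $_.Rotated })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) web application(s) still use their old machine keys."
}

# Restart IIS on every SharePoint server. Database servers are listed with
# the role 'Invalid' and are skipped.
$servers = Get-SPServer | Where-Object { $_.Role -ne 'Invalid' }
foreach ($server in $servers) {
    Write-Host "Restarting IIS on $($server.Address)"
    if ($server.Address -ieq $env:COMPUTERNAME) {
        & iisreset.exe
    } else {
        # Assumption: WinRM remoting is enabled and the caller is a local admin there.
        Invoke-Command -ComputerName $server.Address -ScriptBlock { & iisreset.exe }
    }
}
```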

Eye Security experts suggest that the European SME sector, which often relies on solutions in its own data centers, is increasingly becoming a target. Criminal groups are now actively involved in exploiting the SharePoint vulnerability, making timely patching and key rotations essential for mitigation.

Ten of the affected organizations have their headquarters in Germany, highlighting the need for continuous security monitoring in the SME sector. Despite the patches, the danger posed by the SharePoint vulnerability continues to rise, affecting not just states or corporations, but also smaller businesses.

  1. Given the ongoing global ransomware attacks exploiting Microsoft SharePoint vulnerabilities, it's crucial for the European SME sector to prioritize technology updates, especially in addressing the identified vulnerabilities such as CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771.
  2. Amid escalating cybersecurity threats, education about the importance of patching systems, rotating keys, and configuring Antimalware Scan Interface integration for the SharePoint vulnerabilities can help reduce incidents and protect businesses regardless of their size.
