From a major attack on a Microsoft service to the collapse of a transport company through one weak password. Cyberattacks paralyze business


At the beginning of July, users of on-premises Microsoft SharePoint instances had to face a considerable threat. On July 7 exactly, the first signals appeared that hackers were exploiting a chain of vulnerabilities based on CVE-2025-49704/49706 and the new CVE-2025-53770/53771, referred to by experts as “ToolShell”. These vulnerabilities allowed remote code execution and the theft of cryptographic keys, which allowed the attackers to obtain persistent access to the account.
Microsoft confirmed that at least three groups associated with the People's Republic of China (Linen Typhoon, Violet Typhoon and Storm-2603) had been actively exploiting these vulnerabilities since July 7. It is estimated that over 100 organizations were attacked, including American federal agencies, telecommunications companies and educational institutions.
Microsoft has released further comprehensive patches for SharePoint Server 2016, 2019 and the Subscription Edition. It also introduced new protection measures: Machine Key rotation and integration with “Defender for Endpoint” to eliminate the traps left by the attackers. CISA and other agencies advised immediately disconnecting servers that could not be patched.
Why does this attack deserve special attention?
Within a few days of the vulnerability being disclosed, the attackers deployed an exploit against it, and further groups began to act. For clarification, an exploit is deliberately prepared code or a technique that uses a software vulnerability or a system misconfiguration to gain unauthorized access or force some other undesirable action.
In addition, the network was penetrated: the attack began with web shells (malicious scripts placed on the server), which made it possible to obtain keys and then escalate access, even after the update was installed. This led to a domino effect. SharePoint often integrates with Office, Teams, OneDrive and Outlook. The compromise of one application could therefore lead to a wide data leak and the failure of many processes.
We are also dealing here with a large scale, because thousands of SharePoint instances located in hospitals, schools, companies and government institutions are connected to the Internet. Although Microsoft has provided security patches, cyber security experts emphasize that installing them is not enough on its own. What is needed is signature analysis (comparing files or network traffic against a database of known malicious code patterns to detect threats), key rotation (regularly replacing the cryptographic keys in use with new ones to minimize the risk of their capture or abuse) and a full investigation on the infrastructure side.
A large-scale attack can cause serious damage, but even more dangerous is one that is deliberately tailored to a specific company. The British company KNP found that out.
The fall of a 158-year-old company through one weak password
In parallel with the SharePoint crisis, a business tragedy took place in Great Britain. KNP, a transport company from Northamptonshire operating since 1867, fell victim to a ransomware attack by the “Akira” group. This time the break-in began with the guessing of one poorly secured password. It was apparently so easy that the hackers guessed it intuitively.
The attackers then encrypted all servers, backups and emergency environments. Although the company had insurance, the ransom demanded was about 5 million pounds, which was too much for the funds available to the company. After six days of operational paralysis, KNP declared bankruptcy. In this way, a fleet of about 500 trucks disappeared from the roads, and 700 people lost their jobs.
KNP director Paul Abbott decided not to inform the employee whose weak password led to the collapse. “Would you like to know if it was you?” he asked rhetorically, speaking to the BBC.
The Cyber Security Breaches Survey 2025 report shows that ransomware attacks have already affected 19,000 companies in Great Britain, and the average ransom demand reaches 4 million pounds. The number of attacks has almost doubled in the last two years. The British National Cybersecurity Center (NCSC) clearly warns that if the trend continues, the current year will be the worst in history.
In addition, victims often bear reputational costs, regulatory penalties (GDPR, NIS2), and business and litigation losses, which significantly exceed the ransom itself.
Cybersecurity is a matter of the highest importance today
There are several reasons why companies treat cyber security as a priority today.
- First, the scale of the threats. Attackers, from state-sponsored groups to cyber criminals, quickly exploit new vulnerabilities and weak passwords, scanning the Internet in search of an open path.
- Secondly, the costs of an incident are snowballing: ransom, legal support, reputation, loss of customers and the risk of criminal activities are huge threats.
- Thirdly, traditional defense (anti-virus, backup, insurance) fails, especially when the attacker destroys the backups and demands a ransom that exceeds the company's financial capabilities, as in the case of KNP.
- Fourthly, the threat to the supply chain and infrastructure: if the SharePoint vulnerability hits even one system, the outages affect many connected organizations.
Finally, there are regulatory challenges: the number of reporting requirements, duties, penalties and compliance controls in various jurisdictions is increasing. Every company today should have an appropriate cyber resilience strategy that goes beyond typical IT. Supervisory boards must understand the risks and oversee their management, and organizational culture must change as well, from enforcing strong passwords and two-factor authentication to regular staff training.
In addition, network segmentation, offline backups in a versioned format, and isolation of critical systems are recommended. Recommended tools also include Security Orchestration, Automation and Response (SOAR) and Extended Detection and Response (XDR) solutions, which shorten response time and limit the effects.
By implementing these solutions, companies not only protect their data and staff, but also build a market advantage. Customers and partners increasingly require proven digital resilience.
The failure of one password and a global zero-day attack
The “ToolShell” attack on SharePoint and KNP's collapse show that one unpatched vulnerability or one weak safeguard can destroy an entire business, affecting hundreds of jobs, clients, partners and network security.
Cyber security has become the foundation of business continuity and requires the involvement of the entire organization, from the IT department to the management. It is not just a cost. It is an investment in resilience and reputation. And without these there is neither business nor trust.
Author: Grzegorz Kubera, Business Insider Polska journalist




