EchoLeak - SparTech Software

The EchoLeak attack is a critical zero-click vulnerability (CVE-2025-32711) discovered in Microsoft 365 Copilot, enabling attackers to silently exfiltrate sensitive organizational data without any user interaction. Here’s how EchoLeak Works

1. Malicious Email Injection: Attackers send a specially crafted email disguised as a business document. The email contains hidden prompt injections that bypass Microsoft’s cross-prompt injection attack (XPIA) classifiers.
2. Retrieval-Augmented Generation (RAG) Exploit: When the victim later interacts with Copilot (e.g., asking a business-related question), the RAG engine retrieves the malicious email into the AI’s context due to its formatting and apparent relevance.
3. LLM Scope Violation: The injected prompt tricks the AI into accessing privileged data (e.g., chat histories, OneDrive files, Teams conversations) and embedding it into a markdown image or link. The browser automatically requests the image, sending the stolen data to the attacker’s server.
4. Exfiltration via Trusted Domains: Microsoft’s Content Security Policy (CSP) blocks most external domains, but attackers abuse trusted Microsoft URLs (e.g., SharePoint, Teams) to evade detection

Google to implement multi-layered defense in its generative AI systems.
Google has implemented a multi-layered defense strategy to secure its generative AI systems (like Gemini) from evolving threats, particularly indirect prompt injection attacks. These attacks involve embedding malicious instructions within external data sources—such as emails, documents, or calendar invites—to manipulate AI into exfiltrating sensitive data or performing unauthorized actions. Unlike direct prompt injections, where attackers input malicious commands explicitly, indirect injections exploit trusted content to bypass defenses.
Microsoft Copilot Zero-Click Vulnerability (“EchoLeak”): What Happened and Why It Matters
A critical security flaw, dubbed “EchoLeak” (CVE-2025-32711), was discovered in Microsoft 365 Copilot, the AI assistant integrated into Office apps like Word, Excel, Outlook, and Teams. This vulnerability allowed attackers to exfiltrate sensitive organizational data through a “zero-click” attack—meaning the victim did not need to interact with any malicious content for the exploit to succeed.
Glossary: LLM scope violations
LLM scope violations refer to security vulnerabilities in large language model (LLM) systems where the model is manipulated into accessing or leaking information beyond its intended operational boundaries. This occurs when untrusted or malicious inputs are mixed with sensitive internal data, causing the LLM to process and reveal privileged information to unauthorized parties.

United States	~59% of ransomware attacks globally Thousands per year
Poland	1,000+ per week
Russia	Highest cybercrime threat level
China	Thousands per year
India	115% surge in attacks Q2 2024
Ukraine	Significant surge since 2022
Brazil	Among top countries for blocked attacks
Mexico	65% of businesses hit in 2024
Germany	High targeted rate (EU)
France	High targeted rate (EU)

AS Name	ASN
Bharat Sanchar Nigam Ltd	9829
No.31,Jin-rong Street	4134
CHINA UNICOM China169 Backbone	4837
DigitalOcean, LLC	14061
HUAWEI INTERNATIONAL PTE. LTD.	136907
Amazon.com, Inc.	14618
Alibaba (US) Technology Co., Ltd.	45102
Google LLC	396982
Amazon.com, Inc.	16509
3xK Tech GmbH	200373

IP Address	Notable Exploits/Context
104.238.159.149	SharePoint zero-day, broad exploitation
107.191.58.76	SharePoint zero-day, government targets
96.9.125.147	SharePoint, previously Ivanti exploits
139.162.47.194	Exploits on CitrixBleed 2
38.180.148.215	CitrixBleed 2 campaigns
185.224.128.17	High activity, Netherlands
89.248.163.200	High activity, Netherlands
15.235.218.150	Associated with APT, active C2
45.9.148.114	Associated with C2, malicious netflow
91.107.150.184	C2 infrastructure, recent IoC

Related