A serious vulnerability in Microsoft’s SharePoint software has allowed Chinese state-backed hackers to break into over 60 organisations worldwide — including the US agency that oversees nuclear weapons.
Microsoft said the flaw is being actively exploited by three China-linked hacking groups — Linen Typhoon, Violet Typhoon and Storm-2603 — targeting organisations running SharePoint on their own servers rather than via the cloud. The company has “high confidence” the vulnerability will continue to be used in future attacks.
Among the most sensitive targets breached is the US National Nuclear Security Administration (NNSA), responsible for managing the country’s nuclear arsenal, naval reactors and radiological emergency response. A person familiar with the matter told Bloomberg no classified data is believed to have been accessed. Other parts of the Department of Energy were also compromised.
The flaw, which has been used since at least 7 July, has allowed hackers to access systems in the energy sector, government departments, consulting firms and universities. More than 100 servers have been affected across 10 countries, including the UK, Canada, Spain, Brazil, Indonesia, Switzerland and South Africa.
CrowdStrike, one of the cybersecurity firms investigating the breach, said the early wave of intrusions resembled coordinated, state-sponsored activity and quickly escalated to what “looks like China”. Microsoft has since issued a patch, but many institutions remain exposed.
Other known victims include the US Department of Education, the Florida Department of Revenue, and the Rhode Island General Assembly. A US healthcare provider and a Southeast Asian university were also targeted, though neither has been named publicly.
A report reviewed by Bloomberg revealed attempts to compromise SharePoint servers globally, with threat actors focusing on high-value infrastructure and institutions.
In response, the Chinese embassy in Washington denied any involvement, saying it “firmly opposes all forms of cyberattacks” and criticised what it called baseless accusations.
The US Energy Department confirmed the issue began on 18 July and said cloud-based systems were less affected. Microsoft’s investigation is ongoing, with the company urging all SharePoint users to apply recent security updates.
The incident highlights the persistent vulnerability of on-premise software infrastructure — and the role cyberattacks continue to play in geopolitical tensions between the US and China.
You Might Also Like
Latest Article
Victoria 2031 Invites Cultural Proposals As Final EU Selection Nears
Victoria 2031 Foundation has launched an open call for artistic and cultural proposals as it prepares for the final stage of its bid to become European Capital of Culture in 2031. The initiative invites submissions from artists, organisations, collectives, businesses and NGOs in Malta and abroad, as part of efforts to shape the cultural programme … Continued
|
14 April 2026
Written by MeetInc.
VDH Group Offloads Polish Hotel In €15.7m Portfolio Move
|
13 April 2026
Written by MeetInc.
HSBC Malta Staff Join National Genomics Project Through On-Site Initiative
|
13 April 2026
Written by MeetInc.
