A serious vulnerability in Microsoft’s SharePoint software has allowed Chinese state-backed hackers to break into over 60 organisations worldwide — including the US agency that oversees nuclear weapons.
Microsoft said the flaw is being actively exploited by three China-linked hacking groups — Linen Typhoon, Violet Typhoon and Storm-2603 — targeting organisations running SharePoint on their own servers rather than via the cloud. The company has “high confidence” the vulnerability will continue to be used in future attacks.
Among the most sensitive targets breached is the US National Nuclear Security Administration (NNSA), responsible for managing the country’s nuclear arsenal, naval reactors and radiological emergency response. A person familiar with the matter told Bloomberg no classified data is believed to have been accessed. Other parts of the Department of Energy were also compromised.
The flaw, which has been used since at least 7 July, has allowed hackers to access systems in the energy sector, government departments, consulting firms and universities. More than 100 servers have been affected across 10 countries, including the UK, Canada, Spain, Brazil, Indonesia, Switzerland and South Africa.
CrowdStrike, one of the cybersecurity firms investigating the breach, said the early wave of intrusions resembled coordinated, state-sponsored activity and quickly escalated to what “looks like China”. Microsoft has since issued a patch, but many institutions remain exposed.
Other known victims include the US Department of Education, the Florida Department of Revenue, and the Rhode Island General Assembly. A US healthcare provider and a Southeast Asian university were also targeted, though neither has been named publicly.
A report reviewed by Bloomberg revealed attempts to compromise SharePoint servers globally, with threat actors focusing on high-value infrastructure and institutions.
In response, the Chinese embassy in Washington denied any involvement, saying it “firmly opposes all forms of cyberattacks” and criticised what it called baseless accusations.
The US Energy Department confirmed the issue began on 18 July and said cloud-based systems were less affected. Microsoft’s investigation is ongoing, with the company urging all SharePoint users to apply recent security updates.
The incident highlights the persistent vulnerability of on-premise software infrastructure — and the role cyberattacks continue to play in geopolitical tensions between the US and China.