Washington, D.C. [US], July 24 (ANI): Three hacking groups associated with China are involved in a large-scale cyberattack exploiting vulnerabilities in Microsoft’s SharePoint server software, affecting numerous organizations globally, according to a report by Politico.
Citing two U.S. officials, the report noted that several federal government agencies are believed to be among the first victims of this ongoing cyber exploitation campaign, although the full extent of the breach remains unclear.
Microsoft confirmed in a blog post that the three Chinese hacking groups—identified as Violet Typhoon, Linen Typhoon, and Storm-2603—are participating in the attack. Approximately 100 organizations, including at least two U.S. federal agencies, are believed to have been compromised, according to one U.S. official involved in the response and another briefed on the matter. Both officials spoke on the condition of anonymity due to the sensitive and ongoing nature of the situation.
Since Saturday, private cybersecurity researchers and federal investigators have been working to assess the breach, which Microsoft first disclosed after detecting unidentified hackers exploiting a major flaw in customer-managed SharePoint servers—a commonly used workplace collaboration platform.
Microsoft stated in its blog post that, given how quickly the vulnerability is being exploited, it is “highly confident” the threat actors will continue to target unpatched on-premises SharePoint systems.
One U.S. official said investigators currently believe that at least “four to five” federal agencies were compromised, with additional agencies still under investigation. The second official added that, as of Monday, they had been informed that “more than one” federal agency had been affected.
The SharePoint vulnerabilities are considered critical, as they allowed hackers to remotely infiltrate Microsoft customers using self-hosted versions of the software, enabling deeper access into internal systems. However, these vulnerabilities do not affect customers using Microsoft’s cloud-hosted version of SharePoint.
A Microsoft spokesperson said the company is working to ensure that customers apply the necessary security patches and is “coordinating closely with CISA, DOD Cyber Defense Command, and key global cybersecurity partners throughout our response.” A spokesperson for the Cybersecurity and Infrastructure Security Agency (CISA) stated that Microsoft has been “responding quickly” since the agency initially reached out.
This incident adds to a growing list of security breaches targeting the U.S. tech giant, many of which have been linked to Chinese actors.
In 2023, Chinese hackers accessed the emails of both the U.S. ambassador to China and the U.S. Commerce Secretary by exploiting a series of Microsoft security flaws—an incident that later drew criticism from a federal cyber review board. Last week, the Pentagon announced a review of all its cloud services after an investigation revealed that engineers based in China had been providing technical support for Pentagon computer systems, Politico reported.
About The Author
