
- Microsoft linked SharePoint cyberattacks to Chinese state-backed hacker groups including Violet Typhoon
- US National Nuclear Security Administration breached, no sensitive data believed to have been compromised
- Over 100 organisations globally affected, spanning government, energy, consulting and universities
Microsoft has linked a wave of cyberattacks targeting its SharePoint servers to Chinese state-backed hackers, including well-known groups Violet Typhoon and Linen Typhoon, as well as a third group, Storm-2603.
The US National Nuclear Security Administration (NNSA), which is responsible for maintaining the country's nuclear weapons stockpile, was among the organisations breached. However, no sensitive or classified information is believed to have been compromised, Interesting Engineering reported, citing a source.
In a blog post published on July 22, Microsoft noted that probes into other actors also using these exploits are still underway. "With the rapid adoption of these exploits, Microsoft assesses with high confidence that threat actors will continue to integrate them into their attacks against unpatched on-premises SharePoint systems."
The hackers exploited critical zero-day vulnerabilities in Microsoft's SharePoint software, including CVE-2025-53770, to gain remote access to networks and steal credentials.
The affected customers are those who operate the software on their internal servers instead of Microsoft's cloud-based services.
"These attacks highlight the growing sophistication and global scale of cyber threats," Microsoft said.
"Early exploitation resembled government-sponsored activity, and then spread more widely to include hacking that looks like China," said Adam Meyers, senior vice president at CrowdStrike. Meyers further added that the extent of the campaign is still being analysed.
The attacks began on July 18, said an Energy Department spokesperson, further adding that damage was limited because of the department's use of Microsoft's cloud services. "Our systems are built with multiple levels of security," the official said as quoted.
Bloomberg reported that hackers also attacked other systems at the US Department of Education, Florida's Department of Revenue, and the Rhode Island General Assembly. However, these departments haven't confirmed or denied it yet.
The report mentioned that over 100 organisations have been compromised worldwide, including government agencies, energy companies, consulting firms and universities. The breaches are said to have affected organisations across multiple sectors and countries, including the US, Europe, and the Middle East.
Microsoft has released security updates addressing the exploited vulnerabilities and urged all customers to apply patches without delay. The company has also hired government security executives and holds weekly senior leadership meetings focused on improving software resilience.
"There were ways around the patches," Vaisha Bernard, Eye Security's chief hacker and co-owner, said as quoted. "That allowed these attacks to happen."
China denies allegations
The Chinese Embassy in Washington has denied the allegations. In a statement, the embassy said, "At the same time, we also firmly oppose smearing others without solid evidence."
"We hope that relevant parties will adopt a professional and responsible attitude when characterising cyber incidents, basing their conclusions on sufficient evidence rather than unfounded speculation and accusations."
The breach highlights the ongoing threat posed by Chinese state-sponsored cyber espionage operations allegedly targeting critical US infrastructure and the need for robust cybersecurity measures to protect sensitive government and corporate networks.