In a massive cybersecurity breach, a critical vulnerability in Microsoft Corp.’s SharePoint servers has led to more than 400 organizations being compromised, according to Dutch cybersecurity firm Eye Security. This attack, which initially appeared limited, has escalated dramatically over just a few days, raising serious concerns about global cybersecurity preparedness and the role of state-sponsored actors in such incidents.
What Happened in the Microsoft SharePoint Breach?
The breach exploited flaws in self-hosted (on-premises) Microsoft SharePoint servers, a widely used enterprise collaboration platform. The vulnerabilities let attackers steal the servers' authentication keys; with those keys in hand they could forge valid credentials, impersonate users and reach internal systems without needing to exploit the original flaw a second time.
The attackers gained deep access to confidential networks, making it one of the most severe SharePoint-related security incidents in recent memory.
Eye Security, which first flagged the attack, initially estimated around 60 compromised entities. That number surged to over 400 as more information emerged. Victims include government agencies, tech companies, universities, and critical infrastructure entities across the US, Mauritius, Jordan, South Africa, and the Netherlands.
Notably, the US National Nuclear Security Administration, responsible for managing America’s nuclear arsenal, was among those breached.
Who Is Behind the Breach?
Microsoft has attributed the attacks to China-linked state-sponsored hacking groups, including:
- Linen Typhoon (identified in 2012): Focuses on stealing intellectual property from government, defense, and human rights organizations.
- Violet Typhoon (identified in 2015): Known for espionage, targeting ex-military personnel, NGOs, and education/media institutions.
- Storm-2603: Another group based in China, also suspected to have exploited the same SharePoint flaws.
According to Eugenio Benincasa, a researcher at ETH Zurich’s Center for Security Studies, these groups are not necessarily directly tied to Chinese government agencies. Instead, proxy hacking groups or private “hackers for hire” could be conducting the intrusions under government contract.
Historical Context of Microsoft-Centric Attacks
This isn’t the first time Microsoft has found itself at the center of a China-linked cyber campaign. In 2021, Microsoft Exchange servers were compromised in an attack believed to be carried out by Chinese actors, affecting tens of thousands of organizations worldwide.
In 2023, another alleged China-backed campaign targeted senior US officials’ email accounts, prompting a US government review that criticized Microsoft for a “cascade of security failures.”
Microsoft’s Response and Patch Release
Microsoft has issued patches for the exploited vulnerabilities. However, cybersecurity experts warn that many systems were already compromised before the patches were applied, meaning that attackers may retain a foothold even after updates. A patch closes the entry point but does not invalidate authentication keys that were stolen beforehand or remove web shells and other persistence already planted on the server; stolen keys remain usable until they are rotated.
According to Vaisha Bernard, co-owner of Eye Security, the true number of affected systems might be significantly higher.
“This is still developing, and other opportunistic adversaries continue to exploit vulnerable servers,” Bernard stated.
Many breaches go undetected due to stealthy intrusion techniques that leave little forensic evidence.
Affected Entities Include Key US Government Departments
Alongside the National Nuclear Security Administration, systems belonging to the following were also reportedly compromised:
- US Department of Education
- Florida Department of Revenue
- Rhode Island General Assembly
These breaches suggest that critical public infrastructure and government agencies remain prime targets, highlighting the urgent need for robust cybersecurity policies and defenses.
China Responds: Denies Involvement
The Chinese Embassy in Washington issued a statement firmly denying any involvement in the attacks.
“We also firmly oppose smearing others without solid evidence. We hope that relevant parties will adopt a professional and responsible attitude,” the embassy stated.
China has long denied allegations of state-sponsored hacking, though global cybersecurity analysts have repeatedly linked Chinese hacker groups to numerous espionage and intellectual property theft campaigns over the past decade.
The Bigger Picture: Global Cyberwarfare Intensifies

This incident adds to growing concerns about cyberwarfare and digital espionage as tools of geopolitical conflict. The breach comes at a time of heightened tension between the US and China, with both countries locked in disputes over technology access, defense policy, and trade.
Cybersecurity experts argue that such attacks are not merely about data theft—they are about destabilizing critical systems, gathering intelligence, and influencing global politics.
With three known China-linked groups exploiting the same SharePoint flaws, analysts believe it is likely that more state or non-state actors will follow suit. This puts thousands of organizations at risk, especially those running unpatched or misconfigured servers.
What Can Organizations Do?
If your organization runs on-premises SharePoint, immediate steps should include:
- Applying Microsoft's security patches for the exploited flaws, and then rotating the server's authentication keys, since keys stolen before the patch remain valid until they are replaced
- Conducting a thorough forensic review of server and web logs, treating the server as compromised until the logs show otherwise, because patching does not evict an attacker who is already inside
- Isolating servers that show suspicious traffic or user behavior from the rest of the network while they are investigated
- Engaging incident-response professionals if signs of compromise are found
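The log-review step above is the one most teams struggle to turn into concrete work. The following is an added example written for this page, not code from the article, Eye Security or Microsoft. It parses IIS logs in the standard W3C format that SharePoint front ends write and applies three triage heuristics that are assumptions chosen for illustration rather than published indicators of this attack: successful POST requests to .aspx pages outside a known-clean allowlist, .aspx requests from non-browser clients, and requests to the administrative `/_layouts/` path from outside an assumed internal address range. The log lines, the allowlist, the page names and the internal network are all constructed.

```python
"""Triage of IIS W3C logs from an on-premises SharePoint front end.

Added example, not from the article or from Microsoft. Every heuristic
below is an assumption chosen to illustrate a log review; tune them to a
known-clean baseline of your own servers before relying on them.
"""
import ipaddress
from collections import defaultdict

# Assumed internal address space (not from the article).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Assumed allowlist of pages that browsers normally POST to. In practice this
# is built from a baseline captured before the incident window.
KNOWN_PAGES = {
    "/sites/hr/sitepages/home.aspx",
    "/_layouts/15/start.aspx",
    "/_layouts/15/authenticate.aspx",
}

# Constructed sample in IIS W3C format. IIS writes spaces inside a field
# (such as the user agent) as '+', so each request line splits cleanly.
# Page names and client addresses are hypothetical.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query c-ip cs(User-Agent) sc-status
2025-07-19 02:14:05 10.0.0.5 GET /sites/hr/SitePages/Home.aspx - 10.0.1.20 Mozilla/5.0+(Windows) 200
2025-07-19 02:14:09 10.0.0.5 POST /_layouts/15/start.aspx - 10.0.1.20 Mozilla/5.0+(Windows) 200
2025-07-19 02:16:31 10.0.0.5 POST /_layouts/15/hypothetical_page.aspx mode=x 203.0.113.7 python-requests/2.31 200
2025-07-19 02:16:40 10.0.0.5 GET /_layouts/15/hypothetical_dropped.aspx - 203.0.113.7 python-requests/2.31 200
2025-07-19 02:20:02 10.0.0.5 GET /_layouts/15/hypothetical_dropped.aspx - 198.51.100.9 curl/8.4 404
"""


def parse_w3c(text):
    """Yield one dict per request line, keyed by the names in the #Fields header."""
    fields = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if line.startswith("#"):
            continue  # other directives: #Software, #Version, #Date
        if fields is None:
            raise ValueError("request line seen before a #Fields header")
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or mangled line; skip rather than misalign columns
        yield dict(zip(fields, values))


def is_internal(ip):
    """True if the client address falls inside the assumed internal ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def triage(text):
    """Return a list of (reason, record) pairs for requests worth a human look."""
    findings = []
    for rec in parse_w3c(text):
        stem = rec["cs-uri-stem"].lower()
        if not stem.endswith(".aspx"):
            continue
        method, status = rec["cs-method"], rec["sc-status"]
        agent, src = rec["cs(User-Agent)"], rec["c-ip"]
        # A successful POST to a page that is not part of the baseline.
        if method == "POST" and status.startswith("2") and stem not in KNOWN_PAGES:
            findings.append(("post-to-unexpected-page", rec))
        # Scripted clients rarely fetch SharePoint pages legitimately.
        if "mozilla" not in agent.lower():
            findings.append(("non-browser-client", rec))
        # Administrative layout pages reached from outside the internal range.
        if stem.startswith("/_layouts/") and not is_internal(src):
            findings.append(("external-ip-on-layouts", rec))
    return findings


def hosts_by_reason(findings):
    """Collapse findings into sorted client addresses per heuristic."""
    out = defaultdict(set)
    for reason, rec in findings:
        out[reason].add(rec["c-ip"])
    return {reason: sorted(ips) for reason, ips in out.items()}


if __name__ == "__main__":
    for reason, rec in triage(SAMPLE_LOG):
        print(f"{reason:26} {rec['date']} {rec['time']} {rec['c-ip']:15} "
              f"{rec['cs-method']} {rec['cs-uri-stem']} {rec['sc-status']}")
    print(hosts_by_reason(triage(SAMPLE_LOG)))
```

Run it against real logs by replacing `SAMPLE_LOG` with the contents of the `u_ex*.log` files from the SharePoint web front ends. The point of grouping by client address is that a single external host appearing under several heuristics is a stronger lead than any one flagged line, and any page it touched that is not in your baseline should be checked on disk for recent creation or modification.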