Microsoft has confirmed that Chinese state-sponsored hackers, including the Linen Typhoon, Violet Typhoon, and Storm-2603 groups, exploited vulnerabilities in on-premises SharePoint servers. Eye Security, a Dutch cybersecurity firm, has already identified breaches in over 400 agencies and businesses globally, primarily in the US, including the National Nuclear Security Administration. The attacks, which began as early as July 7th, leveraged vulnerabilities allowing attackers to spoof authentication and execute malicious code, potentially stealing key material. Microsoft has released security updates and urges users to install them immediately, warning of continued attacks on unpatched systems.

The vulnerabilities affected on-premises SharePoint servers, used by many organizations for document storage and collaboration. Microsoft states that Linen Typhoon has targeted intellectual property since 2012, focusing on government, defense, and human rights organizations, while Violet Typhoon, active since 2015, has focused on espionage targeting various sectors. Microsoft expresses medium confidence that Storm-2603 is China-based, but hasn't established links to other Chinese groups.

Impact Statement: The widespread exploitation of SharePoint vulnerabilities poses a significant risk to numerous organizations, emphasizing the need for swift patching and improved cybersecurity measures to mitigate future attacks.