Posted on 07/23/2025 5:09:09 AM PDT by Red Badger
Microsoft warns patched systems remain vulnerable as attackers find new ways to infiltrate SharePoint servers.
Microsoft has issued a critical warning about Chinese state-backed hackers exploiting security flaws in its SharePoint software.
These vulnerabilities have been used to compromise a growing list of government agencies and private organizations worldwide, including the US National Nuclear Security Administration (NNSA).
In a detailed blog post, Microsoft identified three hacking groups with ties to China. The groups, known as Linen Typhoon, Violet Typhoon, and Storm-2603, are believed to have taken advantage of SharePoint weaknesses that mainly affect customers who operate the software on their internal servers rather than through Microsoft’s cloud-based services.
“These attacks highlight the growing sophistication and global scale of cyber threats,” Microsoft said in its blog.
The company noted that its investigations are ongoing and said it has “high confidence” that hackers will “continue to integrate them into their attacks.”
Cybersecurity experts say breaches have been ongoing since early July. “Early exploitation resembled government-sponsored activity, and then spread more widely to include hacking that looks like China,” said Adam Meyers, senior vice president at CrowdStrike. He added that CrowdStrike is still analyzing the extent of the campaign.
US nuclear and education agencies compromised
Among the most concerning breaches is that of the NNSA, which manages the design and maintenance of America’s nuclear weapons.
A source familiar with the matter confirmed the breach but said no classified information was taken. Other branches of the US Department of Energy were also affected.
An Energy Department spokesperson said the exploitation began on July 18 but noted that damage was limited thanks to the department’s use of Microsoft’s cloud services. “Our systems are built with multiple levels of security,” the official stated.
The attacks didn’t stop at energy agencies. Bloomberg reported that hackers also infiltrated systems at the US Department of Education, Florida’s Department of Revenue, and the Rhode Island General Assembly.
However, those entities did not respond to media requests for comment. A Florida spokesperson said the SharePoint issues are “being investigated at multiple levels of government,” but gave no further details.
Cybersecurity researchers have detected breaches on over 100 servers across 60 different organizations. These include energy firms, consulting companies, and universities.
A person familiar with the investigation said that governments from Europe to the Middle East were also targeted.
Patches fail to prevent persistent access
Although Microsoft released software patches in July to close the security holes, attackers have found ways around them. Eye Security, a cybersecurity firm involved in the investigation, said the vulnerabilities allowed attackers to steal authentication keys, impersonate users, and stay inside systems even after updates and reboots.
“There were ways around the patches,” said Vaisha Bernard, Eye Security’s chief hacker and co-owner. “That allowed these attacks to happen.” Bernard explained that the attacks were not targeted but widespread, aiming to compromise as many systems as possible.
Eye Security has detected compromised servers across multiple continents, including victims in Saudi Arabia, Vietnam, Oman, the UAE, South Africa, the EU, and the Americas.
While the firm declined to name affected organizations, it confirmed that the list includes both government bodies and multinational corporations.
Hackers reportedly stole sign-in credentials such as usernames, passwords, hash codes, and security tokens. According to cybersecurity experts, this kind of data could be used to conduct further attacks or impersonate legitimate users over long periods.
A separate cybersecurity report, reviewed by Bloomberg, said that one of the compromised organizations is a US-based healthcare provider. Another target was a public university in Southeast Asia. The hackers also attempted to breach SharePoint servers in at least ten countries, including Brazil, Canada, Indonesia, Spain, South Africa, Switzerland, the UK, and the US.
Growing scrutiny over Microsoft’s security practices
Microsoft has come under increasing scrutiny over its cybersecurity practices. A 2024 US government report criticized the company’s security culture, saying it was in need of urgent reform.
In response, Microsoft has reportedly been holding weekly meetings with top executives and hiring security experts, including former US government officials, to tighten its defenses.
The Chinese Embassy in Washington issued a statement rejecting the claims: “China firmly opposes all forms of cyberattacks and cybercrime.”
“At the same time, we also firmly oppose smearing others without solid evidence. We hope that relevant parties will adopt a professional and responsible attitude when characterizing cyber incidents, basing their conclusions on sufficient evidence rather than unfounded speculation and accusations.”
Cybersecurity experts think these attacks are part of a larger plan to use business software hacks for political or economic gain.
Microsoft continues to urge organizations to apply all updates, move to cloud-based systems when possible, and use multiple layers of security to spot suspicious activity.
Microsoft ping!................
Yaa, that kind of happens when you have Chinese nationals as your software engineers.
This is not an accident.
education agencies? Is the DOE a target?
Sum Ting Wong with that?....................
When the only tool you have is a hammer, everything looks like a nail...................
China is one of Microsoft’s best customers.
Microsoft is one of China’s best customers...............
/
Oh that's rich Billy
YOU hired them with your CCP based and run Azure tech support contract that opened a back door into every gov computer in the nation
( EP134: EXPOSED: Microsoft Allowed China Access To DOD Cyber Systems
https://rumble.com/v6wd4lc-ep134-exposed-microsoft-allowed-china-access-to-dod-cyber-systems.html )
Hegseth shut down that espionage
cloud crap
https://www.youtube.com/watch?v=mdKTkKollCE
and now you want to avoid responsibility.
Not gonna work Billy, you're going down bill gates, either to prison at best or the gallows at worst if there is any justice left in this nation. Spit
I think we attack China as much, if not more than they attack us. So, there is that, at least.
Yep...
DOE, Department of Energy. Nuke weapons and the like.
Gates is despicable. However, Gates also isn’t CEO of Microsoft.
/ well that’s good news that the CCP espionage enabling collusioners just will have more cell mates .
Bill sat on the board of directors when the CCP access to gov computers was facilitated.
He’s culpable.
He also warned about some of the cheap streaming devices and micro computers coming out of China. He said once you give them access to your network, they can begin doing dirt work on anything attached to the network to grab data.
You create a password and Microsoft will use BitLocker to encrypt your PC, BUT they allow the communist Chinese access, so what is the point if companies like Microsoft have no security?