Hackers attack Microsoft SharePoint, targeting organizations like U.S nuclear security

Microsoft security researchers reveal how Chinese nation-state actors exploited critical SharePoint vulnerabilities to infiltrate schools, government agencies, and nuclear security organizations before patches could be deployed.

Two Chinese threat groups, Linen Typhoon and Violet Typhoon, launched zero-day attacks against on-premises SharePoint servers, accessing private information and deploying ransomware in some cases. The vulnerabilities were discovered during a May hackathon contest, but hackers exploited them before Microsoft released patches in July. Organizations using legacy on-premises SharePoint systems face particular risk due to budget constraints and limited IT support resources.

• Zero-day attacks targeted schools, hospitals, state governments, and the U.S. National Nuclear Security Administration
• Hackers bypassed multi-factor authentication to gain remote access to SharePoint content and system configurations
• Over 50 organizations were compromised across dozens of on-premises servers
• Security experts recommend organizations assume their SharePoint systems have been breached and act accordingly