Chinese Hackers Breach Microsoft Systems, Exposing Global Cybersecurity Risks

Microsoft is facing renewed scrutiny after a major cyberattack campaign exploited vulnerabilities in its SharePoint software, compromising hundreds of organizations worldwide. The attack, linked to China-backed hacker groups, marks one of the most extensive breaches involving Microsoft systems in recent years.

The alarm was raised Saturday by Dutch cybersecurity firm Eye Security, which reported that attackers had rapidly exploited newly discovered flaws in on-premises SharePoint servers. Microsoft confirmed the report and issued patches to address the issue, emphasizing that cloud-based SharePoint installations remained unaffected.

According to Eye Security, over 400 systems were breached, including those belonging to government agencies in Europe, the Middle East, and the United States. Media reports suggest the U.S. nuclear weapons agency was among the targets.

“This is a serious threat, especially for on-premises SharePoint deployments used by governments, educational institutions, healthcare systems, and large enterprises,” warned Palo Alto Networks in a security advisory.

Microsoft attributed the attack to several Chinese state-sponsored groups, including Linen Typhoon, Violet Typhoon, and a lesser-known actor referred to as Storm-2603, which is believed with “moderate confidence” to be based in China. These groups have been active for years, often engaging in intellectual property theft and espionage.

The exploit allowed attackers to harvest login credentials and gain unauthorized access to SharePoint servers hosted on private infrastructure. Cybersecurity researcher Damien Bancal reported finding “ready-to-use exploit code” for the vulnerability circulating on popular online forums, raising the urgency for immediate mitigation.

The incident adds to a growing list of sophisticated breaches involving Microsoft systems. In 2021, the Silk Typhoon group compromised tens of thousands of Microsoft Exchange servers, prompting global concern over software supply chain vulnerabilities.

Microsoft has not disclosed the full extent of the damage from the latest breach, but with over 200 million SharePoint users as of 2020, the potential impact is significant.

“Microsoft isn’t the ultimate target—its users are,” said Shane Barney, head of information security at Keeper Security. “Its software is a gateway to valuable information for cybercriminals.”

Rodrigue Le Bayon of Orange Cyberdefense echoed the warning, noting that while Microsoft is currently in the spotlight, similar risks apply to other widely used software platforms. “This time it’s Microsoft. Tomorrow, it could be someone else,” he said.

Though other nations are advancing cyber capabilities, China continues to face the brunt of global accusations. Western governments and security firms have repeatedly accused Beijing of sponsoring hacking campaigns aimed at democratic institutions, critical voices, and companies in sensitive industries.
