visionariesnetwork Team
28 July, 2025
A massive China-associated cyber campaign by three intelligence agencies has hacked several US federal agencies and private organizations worldwide, a Politico report found. The attackers targeted a highly critical flaw in Microsoft SharePoint, an office-sharing program commonly used worldwide.
The breach, which has been referred to as the Microsoft SharePoint hack, has shaken cybersecurity authorities around the world. Apparently discovered at the weekend, it affects the customer-managed, on-premises versions of SharePoint. Microsoft gave assurances that its cloud-hosted SharePoint versions are not compromised.
Who are the Hackers?
The attackers are known as Violet Typhoon, Linen Typhoon, and Storm-2603. The three are suspected to be state-sponsored and have conducted cyber operations against Western institutions before. Microsoft confirmed their presence in a blog post and added that these actors are now using the SharePoint vulnerability in their campaign.
This latest Microsoft SharePoint hack is just the most recent in a series of similar hacks that have been blamed on Chinese hackers. Suspected Chinese cyber attackers allegedly broke into the email accounts of the US ambassador to China and US Commerce Secretary in 2023 via Microsoft security loopholes.
Scope of the Breach
At least four or five US federal agencies have been affected, two senior government officials said on condition of anonymity. Determining the extent of the breach is an ongoing process, but officials believe "more than one" agency has suffered data breaches.
"This is not the lone instance," said one source, going on to say that investigations are ongoing.
The vulnerability lies in customer-managed SharePoint servers, older versions widely used by government agencies and private industry organizations that have not yet transitioned to cloud services. These vulnerable servers serve as the attackers' initial points of attack.
Rapid Response Afoot
Federal cybersecurity teams, private organizations, and Microsoft's own security team have taken swift response measures to counter the breach. Microsoft said it was working closely with the US Cybersecurity and Infrastructure Security Agency (CISA), the Department of Defense's Cyber Defence Command, and other global security partners.
A spokesperson for CISA stated that Microsoft had been "moving quickly" since the agency raised the alarm, and called on all concerned parties to update their systems immediately.
"The threat actors will keep exploiting unpatched SharePoint servers, and the most effective defense is prompt mitigation," Microsoft's security team stated in their bulletin.
A Pattern of Vulnerability
This intrusion adds to growing concern about the security of Microsoft's software infrastructure. Microsoft has faced criticism in recent years from federal cybersecurity panels for not patching known vulnerabilities promptly, as well as for weak internal controls.
The Microsoft SharePoint hack not only testifies to the persistent threat from state-sponsored actors, but also raises more profound questions about infrastructure security at the heart of critical government operations.
As a precautionary measure following the breach, the Pentagon announced that it would be auditing its on-premises and cloud systems, especially those receiving foreign technical support.
The Worldwide Impact
Although initial reports focus on US agencies, cybersecurity experts believe the Microsoft SharePoint hack may have global consequences. Many global businesses and governments run on-premises SharePoint editions themselves, and these might be exposed if the most recent patches have not been applied.
The attack serves as a reminder that legacy environments remain soft targets for sophisticated threat actors. Organizations across the globe are being asked to conduct real-time audits of their SharePoint environments and ensure that they are running up-to-date versions of the software.