After Microsoft’s warning earlier this week that “active attacks” were targeting its SharePoint Server customers through a known exploit, the company has now released a blog post revealing more information about the breach. According to MS, on-premises SharePoint servers were attacked through a known spoofing vulnerability and a remote code execution vulnerability by three alleged Chinese nation-state actors: Linen Typhoon, Violet Typhoon and Storm-2603.
Reuters reported on Monday that about 100 organizations had been compromised over the weekend, according to Vaisha Bernard, chief hacker at Eye Security. The Shadowserver Foundation said that most of those affected were in the United States and Germany, and that the victims included government organizations.
Bloomberg has since reported that a person with knowledge of the matter confirmed that hackers used the SharePoint flaws to breach the US National Nuclear Security Administration, among others, although no sensitive or classified information was compromised. The American federal agency is responsible for managing and maintaining the American nuclear weapons stockpile, as well as providing nuclear propulsion plants for American submarines and promoting international nuclear security.
A security patch released earlier this month appears to have failed to fix the vulnerabilities, which were first identified at a hacking competition in Berlin in May.
Microsoft says that only on-premises servers were affected by the hack, and that the vulnerabilities in question (CVE-2025-49706 and CVE-2025-49704 respectively) have since been successfully patched in all supported versions of SharePoint Server. MS recommends that “customers should apply these updates immediately” to ensure that they are protected.
“With the rapid adoption of these exploits, Microsoft assesses with high confidence that threat actors will continue to integrate them into their attacks against unpatched on-premises SharePoint systems,” the company continues.
“Customers should integrate and enable Antimalware Scan Interface (AMSI) and Microsoft Defender Antivirus (or equivalent solutions) for all on-premises SharePoint deployments and configure AMSI to enable Full Mode.”
I think it can be quite a headache for sysadmins working with SharePoint Server, but it is better to be safe than sorry at this point. The identified hacking groups are said to have been responsible for a litany of digital offenses, with those attributed to Linen Typhoon and Violet Typhoon including intellectual property theft, government and military espionage, and the exploitation of digital weaknesses to install web shells.
Storm-2603, meanwhile, appears to be more mysterious. MS states that it has assessed the group as a China-based actor with “moderate confidence”, although it is unable to connect it directly with other hacking groups. Reuters also reports that the Chinese Embassy in Washington has already issued a statement, which affirmed that China is against all forms of cyberattack, and that it strongly opposed “smearing others without solid evidence”.
“We hope that the relevant parties will adopt a professional and responsible attitude when characterizing cyber incidents, basing their conclusions on adequate evidence rather than unfounded speculation and allegations,” the embassy said.
In 2023, Microsoft made headlines over a high-profile US government email hack, which was also attributed to Chinese hacking groups. The federal Cyber Safety Review Board later released a report on the incident that “identified a cascade of Microsoft’s avoidable errors that allowed this intrusion to succeed.” Given that Microsoft’s server infrastructure is very closely associated with sensitive US government operations at this point, and given the potential severity of this particular breach, it remains to be seen whether the US government will again order a similar review.