Cyberattacks are increasing at an alarming rate, and recently, Microsoft has accused Chinese hackers of exploiting a critical vulnerability in SharePoint, a popular document management tool used by businesses and government agencies worldwide. 
According to Microsoft, these attacks are part of a broader campaign targeting sensitive infrastructure globally.
The tech giant claims that the attackers are state-sponsored Chinese groups, including Linen Typhoon and Violent Typhoon, who found a gap in on-premises SharePoint deployments, not in the cloud-based service. Another group, Storm-2603, has also been named in the attacks. These groups have previously been associated with ransomware attacks.
The vulnerability discovered in the self-managed versions of SharePoint allowed the hackers to bypass authentication, impersonate users, and gain unauthorized access to sensitive documents. Microsoft emphasized that its cloud-hosted SharePoint service was not affected by the exploit.
The attacks started on July 7th, but the vulnerability was not publicly disclosed until Microsoft alerted its clients. In response to these findings, Microsoft is issuing security patches to protect its users from further exploitation. Google’s CTO also confirmed that at least one of the groups involved has links to China.
In defense, the Chinese Embassy has rejected these claims, calling them unsubstantiated and denying any involvement in cyberattacks. The embassy also reiterated China’s stance against all forms of cybercrime.
Despite these denials, Microsoft continues to issue patches to prevent further breaches, and cybersecurity experts warn that more hacking groups might try to exploit similar vulnerabilities in the future.