A significant flaw in a widely used Microsoft product allowed multiple Chinese-linked hacking groups to breach dozens of organizations across the globe and at least two U.S. federal agencies.
Microsoft first reported Saturday that unknown hackers were exploiting a significant flaw affecting its customer-managed SharePoint servers, a widely used workplace collaboration platform. | Jason Redmond/AP
By John Sakellariadis and Dana Nickel07/22/2025 12:05 PM EDT
Three China-linked hacking groups are among those responsible for a sweeping cyberattack against users of popular Microsoft server software that has already impacted dozens of organizations across the globe.
Federal investigators believe multiple U.S. government agencies are among the early victims of the ongoing cyber exploitation campaign, though the full scope is not yet clear, according to two U.S. officials with knowledge of the matter.
Microsoft confirmed in a blog post Tuesday that three Chinese hacking gangs — known as Violet Typhoon, Linen Typhoon and Storm-2603 — are involved in the hacking effort. At least two U.S. federal agencies are among the roughly 100 suspected victims of the hacks thus far, said one U.S. official directly involved in the incident response and a second who has been briefed on it. Both people were granted anonymity due to the ongoing nature of the incident.