Microsoft confirms Chinese hackers breached U.S. nuclear agency via SharePoint flaw
Over 400 global entities hacked in major cyberattack linked to China; critical SharePoint vulnerability exposes encryption keys, warns Microsoft; urges immediate security updates after widespread state-sponsored breach
Microsoft has acknowledged that Chinese hackers exploited a critical vulnerability in its SharePoint software, breaching hundreds of organizations — including the U.S. agency overseeing nuclear weapons and numerous government bodies across Europe and the Middle East.
The breach, first detected on July 7, enabled the attackers to upload malicious scripts and steal cryptographic materials, according to Microsoft.
The company attributed the attack to Chinese threat groups Linen Typhoon and Violet Typhoon, while also warning that Storm-2603 had targeted its systems, according to Al-Rai daily.
Dutch cybersecurity firm Eye Security reported that more than 400 organizations were compromised. Affected institutions include the U.S. National Institutes of Health, energy companies, universities, and government agencies.
Security expert Carlos Perez described the vulnerability as allowing unauthenticated remote code execution, warning that it could be weaponized to hijack critical infrastructure if left unpatched.
Microsoft has released urgent security updates and is urging all customers to install them immediately to mitigate further risk.
