Recent investigations have identified hacking attempts on Microsoft’s SharePoint servers by Chinese threat actors, including Linen Typhoon and Violet Typhoon, as well as the China-based group Storm-2603. The hackers exploited vulnerabilities in on-premises servers to access sensitive business data; the method does not affect Microsoft’s cloud-based services. Microsoft has since released security updates and strongly advises its customers to apply these patches promptly.

In a statement, Microsoft said it has "high confidence" that the hackers will continue to exploit unpatched systems. Charles Carmakal, from Mandiant Consulting, reported numerous victims across various sectors globally and emphasized that both governments and businesses that utilize SharePoint are the primary targets. The attack is a notable and opportunistic breach, drawing parallels to previous efforts linked to Chinese state-sponsored hacking groups.

Since 2010, Linen Typhoon has focused on intellectual property theft, particularly against organizations involved in government, defense, and human rights. Violet Typhoon has been active in espionage, directing efforts toward former military staff, NGOs, and various sectors across multiple regions. Meanwhile, Storm-2603 is identified as a China-based threat actor with capabilities to compromise sensitive information.