Read More : Judges Remove Trump’s Ex-Lawyer from Prosecutor Role

In response, Microsoft released security patches and urged all on-premises SharePoint server users to apply them immediately. The company expressed “high confidence” that the threat actors will continue targeting unpatched systems. Investigations are ongoing to determine if other actors are using the same exploits. The UK’s National Cyber Security Centre confirmed that a limited number of UK-based customers were also impacted.

According to Microsoft, attackers sent crafted requests to vulnerable SharePoint servers, which allowed them to steal key cryptographic material. This access enabled long-term intrusion into targeted networks. Charles Carmakal, a cybersecurity expert, said the hackers acted opportunistically, exploiting the flaw broadly before the patch became available. The primary targets appeared to be governments and enterprises operating on vulnerable infrastructure.

Attackers Focused on Espionage and Data Theft, Microsoft Says

Microsoft outlined the suspected motivations and patterns behind the cyberattacks. It said Linen Typhoon has conducted operations for more than a decade, primarily targeting intellectual property from entities related to defense, human rights, and strategic planning. The group’s aim appears to be aligned with China’s state interests.

Violet Typhoon has reportedly focused on espionage activities. Its targets include former military and government officials, NGOs, think tanks, academic institutions, media outlets, financial organizations, and healthcare providers across the US, Europe, and East Asia. Microsoft described Storm-2603 as a China-based threat actor, though its links to the government remain less certain.

Despite China’s denial, Microsoft insists on the credibility of its findings. Liu Pengyu, spokesperson for the Chinese embassy in Washington, rejected the claims, calling them unsubstantiated. He reiterated China’s opposition to all forms of cybercrime.

Read More : Google Updates iOS Chrome With Account Separation Tools

Experts stress the significance of this breach. The actors exploited a weakness in SharePoint’s cryptographic processes, gaining persistent access to confidential information. Microsoft has committed to updating the public through its blog as investigations continue.

The company advised customers to monitor system logs and reinforce cybersecurity protocols. With geopolitical tensions already high, these revelations add further strain to relations between Western governments and Beijing. For organizations still using on-premises SharePoint servers, updating systems remains the most immediate safeguard against further intrusion.

The post Microsoft Says Chinese Hackers Breached Its Servers appeared first on Amynicole.