One of the hacked organizations reportedly includes the U.S. agency responsible for maintaining the country's stockpile of nuclear weapons. China-backed hackers have been observed carrying out the hacks targeting SharePoint servers.

Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting vulnerabilities targeting internet-facing SharePoint servers. In addition, we have observed another China-based threat actor,

Microsoft has released security patches for the zero-day vulnerability chain dubbed ToolShell, capable of remote code execution on SharePoint, resulting in the exploitation of at least 54 organizations worldwide.

The incident has reportedly impacted the servers of federal agencies, schools, and energy companies. Some emergency patches have been deployed. On July 19, Microsoft alerted users that it was experiencing an active cyberattack on its SharePoint servers,

Microsoft is issuing an emergency fix to close off a vulnerability in Microsoft’s SharePoint software that hackers have exploited to carry out widespread attacks on businesses and at least some federal agencies.

A critical vulnerability in on-premise SharePoint servers allowed state-backed hackers to breach governments and institutions worldwide. Experts are questioning why more hasn't been done or said.

Federal cybersecurity officials have issued a warning to Microsoft users about a security flaw allowing hackers to access to certain SharePoint systems.

Microsoft said Chinese actor Storm-2603 is deploying Warlock ransomware following the exploitation of vulnerabilities in on-prem SharePoint systems

Multiple hacking groups—including state actors from China—have targeted a vulnerability in older, on-premises versions of the file-sharing tool after a flawed attempt to patch it.