Following a warning earlier this week from Microsoft about “active attacks” targeting its SharePoint Server customers via known exploits, the company has released additional information regarding the security breach. According to Microsoft, on-premises SharePoint servers have been compromised by three alleged Chinese nation-state groups: Linen Typhoon, Violet Typhoon, and Storm-2603, using a known spoofing vulnerability along with a remote code execution flaw.

Reuters reported that Vaisha Bernard, a cyber expert at Eye Security, noted that around 100 organizations were affected, primarily in the United States and Germany. This breach notably included entities within the government sectors.

Bloomberg reported that a source familiar with the situation disclosed that the attackers utilized these SharePoint vulnerabilities to access the US National Nuclear Security Administration, although no sensitive data is believed to have been exposed. This agency oversees the management of the United States’ nuclear arsenal and ensures the safety of nuclear-powered submarines.

Consequently, Microsoft emphasizes that all customers should promptly apply the latest updates to their SharePoint systems to mitigate any vulnerabilities. The impact of such hacking schemes continues to escalate, prompting organizations to reassess their cybersecurity measures.