Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting vulnerabilities targeting internet-facing SharePoint servers. In addition, we have observed another China-based threat actor,

Microsoft has issued an alert about “active attacks” on server software used by government agencies and businesses to share documents within organizations, and recommended security updates that customers should apply immediately.

Microsoft issued an emergency fix to close off a vulnerability in its SharePoint software that hackers have exploited to carry out widespread attacks on businesses and at least some federal agencies.

Among the attackers now actively exploiting vulnerable on-premises Microsoft SharePoint servers, at least one has shown indications of originating from China, according to the assessment of researchers at Google Cloud-owned Mandiant.

A sweeping cyber espionage operation targeting Microsoft server software compromised about 100 organizations as of the weekend, two of the organizations that helped uncover the campaign said on Monday.