Chinese Hackers Breach Global Systems Using Microsoft Vulnerabilities
Bloomberg News reported that state-sponsored hackers from China have compromised sensitive systems worldwide by exploiting vulnerabilities in Microsoft software. The hackers, linked to groups like Linen Typhoon, Violet Typhoon, and Storm-2603, exploited flaws in SharePoint document-sharing software, which allowed them to access internal files across various organizations.
While Microsoft is working on fixing these security gaps, researchers have confirmed that over 100 servers, associated with around 60 organizations including the U.S. National Nuclear Security Administration (NNSA), have been breached. The NNSA, which operates under the Department of Energy (DOE), manages the country’s nuclear arsenal and is involved in ensuring safety against nuclear terrorism and proliferation.
A source familiar with the situation shared that multiple DOE systems have been breached, though no classified or sensitive information has reportedly been stolen. The DOE did not respond to requests for comment.
Other agencies impacted include the U.S. Department of Education and the Florida Department of Revenue, with estimates suggesting up to 10,000 organizations globally could be affected. Silas Cutler, a researcher at a Michigan cybersecurity firm, noted that this situation presents a significant opportunity for ransomware operators, especially with many attackers planning activities over the weekend.
Chinese officials have denied any involvement in these cyberattacks, which are part of a broader narrative identifying China as a major cybersecurity threat to both government and private sectors in the U.S. The Office of the Director of National Intelligence has called China America’s top adversary in cyberspace, with previous breaches affecting not just government communications but also major infrastructure, such as power grids and ports.
For more than a decade, Microsoft has focused on modernization efforts across the U.S., involving “digital escorts”—low-paid workers with security access—who have acted as intermediaries, entering commands from Chinese engineers into U.S. Defense networks. Following concerns about potential access to sensitive data, national security and cybersecurity experts pressured Microsoft to end this practice.