Microsoft blames Chinese state-backed hackers for SharePoint breaches; US Nuclear Agency among those hit

Microsoft has attributed a wave of cyberattacks targeting its on-premises SharePoint servers to Chinese nation-state actors, including well-known espionage groups Violet Typhoon and Linen Typhoon, as well as a third group, Storm-2603.

The attacks exploit two critical vulnerabilities — CVE-2025-49706, a spoofing vulnerability, and CVE-2025-49704, a remote code execution flaw — which affect only on-premises SharePoint servers. Microsoft confirmed that SharePoint Online in Microsoft 365 remains unaffected.

What we know about the threat actors

Linen…