Edward Kiledjian's Threat Intel

State-Sponsored Exploits: The Microsoft SharePoint Breach and Its Fallout

A sophisticated cyberattack linked to Chinese nation-state actors has compromised multiple U.S. federal agencies, including the Department of Homeland Security (DHS) and the Department of Health and Human Services (HHS), through vulnerabilities in Microsoft SharePoint. Microsoft attributed the breach to two groups—Linen Typhoon and Violet Typhoon—who exploited exposed internet-facing SharePoint servers to deploy ransomware. Affected systems included those at the Defense Intelligence Agency and the National Institutes of Health, which are involved in critical biomedical research.

U.S. officials stated that the White House acted swiftly to mitigate the breach, with the Cybersecurity and Infrastructure Security Agency (CISA) leading a coordinated national response. Microsoft has released patches to close the exploited vulnerabilities, and no data exfiltration has been confirmed at DHS as of the time of writing. The incident underscores ongoing tensions in cyber attribution and the continued vulnerability of widely used enterprise platforms.
