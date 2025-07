The breaches in the United States and other countries took advantage of a disastrous security flaw that drew attention this month, after Microsoft issued a patch that fixed only part of the problem in SharePoint.

Hackers connected to the Chinese Government were behind at least some of the widespread attacks in the past few days on organisations that use collaboration software from Microsoft, defenders working on the intrusions said in interviews.

The breaches in the United States and other countries took advantage of a disastrous security flaw that drew attention this month, after Microsoft issued a patch that fixed only part of the problem in SharePoint, which is widely used to co-ordinate work on documents and projects.

“We assess that at least one of the actors responsible for this early exploitation is a China-nexus threat actor,” said Charles Carmakal, chief technology officer of Google’s Mandiant Consulting.

Another researcher, who, like others, spoke on the condition of anonymity because the inquiry is still under way, said federal investigators have evidence of US-based servers linked to compromised SharePoint systems connecting to internet protocol addresses inside China last week.

The FBI, the White House, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency declined to comment today.