Microsoft is facing a widespread cyberattack targeting vulnerabilities in its SharePoint server software, with evidence of exploitation dating back to July 7, 2025. The attacks have compromised over 400 organizations globally, including U.S. government agencies such as the Department of Homeland Security (DHS), Department of Health and Human Services (HHS), the U.S. Nuclear Weapons Agency, and critical infrastructure entities. Cybersecurity analysts warn of ongoing active attacks and potential security breaches worldwide.

The hacking campaign involves Chinese state-sponsored groups identified by Microsoft as Linen Typhoon, Violet Typhoon, and Storm-2603. These groups have exploited a zero-day vulnerability and a flawed patch dating back to 2020 to gain persistent access, steal cryptographic keys, and deploy ransomware, specifically the Warlock ransomware strain. The cyber espionage operation has raised national security concerns due to the targeting of sensitive government and infrastructure networks.

Additionally, Chinese firms linked to these state-backed hackers have filed multiple patents for cyber espionage tools targeting a range of devices, including Apple products, routers, and smart home technologies.

Experts warn that the SharePoint breach could lay the groundwork for more consequential attacks in the future. Microsoft acknowledged the flaw but has faced criticism for ineffective patching. The U.S. leads in the number of targets, followed by the UK, France, and Germany. The Fermi National Accelerator Laboratory, part of the Department of Energy's national labs, was also targeted in the campaign.
Silk Typhoon Linked to Powerful Offensive Tools, PRC-Backed Companies: https://t.co/t0kfywxnid by darkreading #infosec #cybersecurity #technology #news
Chinese Firms Linked to Silk Typhoon Filed 15+ Patents for Cyber Espionage Tools https://t.co/hmxSfuyFTI
Insanely irresponsible. U.S. company sold software to China's military to conduct nuclear explosion simulations. https://t.co/91b1002eOn