Microsoft has disclosed a widespread cyber-espionage campaign targeting vulnerabilities in its SharePoint server software, affecting over 400 organizations globally, including U.S. government agencies such as the Department of Homeland Security, Department of Health and Human Services, and the U.S. Nuclear Weapons Agency. The attacks, traced back to at least July 7, 2025, involve state-sponsored Chinese hacking groups identified by Microsoft as Linen Typhoon, Violet Typhoon, and Storm-2603. These groups have exploited zero-day flaws in SharePoint to steal sensitive data, maintain persistent access, and deploy ransomware, notably the Warlock strain. The campaign, dubbed 'ToolShell' by cybersecurity experts, has led to thousands of compromise attempts worldwide, with the U.S. being the most targeted country. Microsoft has released patches for the vulnerabilities, but experts warn the breach could enable more consequential future attacks. In response, Chinese cybersecurity associations have accused U.S. agencies of exploiting Microsoft software vulnerabilities in cyberattacks against China's defense sector, highlighting escalating tensions in cyber operations between the two nations.