Particle.news

SharePoint Zero-Day Breach Compromises 400 Organizations as Microsoft Blames China-Linked Hackers

Microsoft has rolled out emergency patches to stem further exploitation.

Overview

  • Microsoft attributes the coordinated cyber-espionage campaign to Beijing-linked groups Linen Typhoon, Violet Typhoon and Storm-2603.
  • Attackers exploited an unreported zero-day flaw in on-premises SharePoint to execute remote code and exfiltrate sensitive data.
  • Security firm Eye Security estimates roughly 400 government and corporate organizations have been compromised across multiple continents.
  • Microsoft released initial patches for the vulnerability and said it is working on additional fixes to close remaining gaps.
  • U.S. and allied agencies including CISA and the FBI have opened probes into the campaign, as the Chinese embassy denies the allegations.