Microsoft Fights New SharePoint Breach Linked to Chinese Hackers
Microsoft is grappling with another security breach, this time involving its SharePoint software. The tech giant has accused Chinese hacking groups of exploiting flaws in the software, potentially affecting a significant number of victims due to Microsoft's extensive reach. This incident comes as Microsoft is in the midst of its ambitious Microsoft 365 Secure Future Initiative, aimed at bolstering its cybersecurity measures.
The attack, which began on July 7, targeted businesses and government agencies, including the US Department of Education. Microsoft has identified three Chinese hacking groups, two of which are linked to the Beijing government, as being behind the campaign. The company has swiftly issued patches for the flaws but warns that unpatched systems remain vulnerable.
Microsoft's Microsoft 365 Secure Future Initiative, launched before June 2025, is a multi-year project with 28 engineering objectives. Five of these objectives are nearing completion, with progress noted in fostering a 'security-first mindset' and meeting engineering goals. The initiative is part of Microsoft's ongoing effort to overhaul its cybersecurity, a vow made following its role in several major hacks in late 2023.
The full extent of the SharePoint breach is still being assessed, with the potential number of victims being significant. Despite this setback, Microsoft continues to work on the remaining engineering objectives of its Microsoft 365 Secure Future Initiative, aiming to strengthen its collective defenses against evolving threats. The company's reputation is at stake, and it is working to bolster its cyber defenses and rebuild trust.
