Microsoft has attributed recent attacks targeting organizations using a Microsoft SharePoint server exploit to Chinese government-affiliated hacking groups. In a security blog post, Microsoft identified Linen Typhoon, Violet Typhoon, and Storm-2603 as the actors exploiting these vulnerabilities on internet-facing SharePoint servers. Eye Security reports that 54 organizations have already been breached, including a private university. Investigations are ongoing to determine if other actors are also involved. The attacks highlight the importance of promptly patching security vulnerabilities to prevent exploitation by nation-state actors.