Microsoft says China-based threat actors behind SharePoint attacks | AHA News - American Hospital Association

Jul 24, 2025 - 04:27 PM Microsoft July 22 released an update on the ongoing cyberattacks to SharePoint servers used within organizations, attributing the incidents to China-based threat actors. The company said the attacks include state-sponsored actors from the Linen Typhoon and Violet Typhoon groups, as well as China-based actor Storm-2603. The attacks have not impacted SharePoint Online in Microsoft 365.  The new announcement includes updated indicators of compromise and clarified mitigation and protection guidance.  The AHA July 21 released an advisory with additional information on the attacks.  For more information on this or other cyber and risk issues, contact Scott Gee, AHA deputy national advisor of cybersecurity and risk, at sgee@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity. Cybersecurity HEADLINE Microsoft warns of sophisticated phishing campaign heavily targeting health care organizations Microsoft Threat Intelligence is warning of a large scale, multistage phishing campaign that disproportionately targeted the health care sector, sending “code… HEADLINE CISA announces initiative to bolster critical infrastructure against nation-state cyberattacks The Cybersecurity and Infrastructure Security Agency has launched a new initiative for critical infrastructure to defend against cyberattacks through proactive… HEADLINE Webinar to explore AI use in cybersecurity, health care technology  John Riggi, AHA national advisor for cybersecurity and risk, will moderate a webinar May 5 at 1 p.m. ET that will explore how bad actors are leveraging… HEADLINE AHA, Joint Commission announce cybersecurity readiness effort  The AHA and Joint Commission May 4 announced the launch of the Cyber Resilience Readiness program, an initiative to help hospitals and health systems assess… HEADLINE Agencies issue guidance on adopting agentic AI systems The Cybersecurity and Infrastructure Security Agency, National Security Agency and international partners have released guidance on adopting agentic artificial… HEADLINE Advisory details shifting tactics of Chinese cyber actors using covert networks for malicious activity A joint advisory released April 23 from U.S. and international cybersecurity agencies, including the Cybersecurity and Infrastructure Security Agency, FBI,…