According to Microsoft, groups named Linen Typhoon and Violet Typhoon, along with China-based Storm-2603, have been abusing security flaws in on-premises SharePoint servers rather than cloud-based services.
Microsoft has released security updates to address these vulnerabilities and urged all users to apply the patches immediately.
The company emphasized that it is "highly confident" attackers will continue targeting unpatched systems and stated it will provide ongoing updates on its blog as the investigation progresses.
