A series of cyberattacks targeting Microsoft collaboration software, specifically SharePoint, have been linked to Chinese hackers and threat actors.

Unknown threat actors have reportedly breached the National Nuclear Security Administration's (NNSA) network in attacks exploiting a recently patched Microsoft SharePoint zero-day vulnerability chain.

One of the hacked organizations reportedly includes the U.S. agency responsible for maintaining the country's stockpile of nuclear weapons. China-backed hackers have been observed carrying out the hacks targeting SharePoint servers.

A new vulnerability dubbed ToolShell is being used to compromise on-premise instances of Microsoft SharePoint servers. Attacks have ranged from highly targeted to opportunistic based on the value of the company operating the server.