Among the attackers now actively exploiting vulnerable on-premises Microsoft SharePoint servers, at least one has shown indications of originating from China, according to the assessment of researchers at Google Cloud-owned Mandiant.

The move comes after a ProPublica report highlighted a Microsoft program that allows foreign engineers to indirectly interact with U.S. military systems through American “escort” intermediaries.

Microsoft July 22 released an update on the ongoing cyberattacks to SharePoint servers used within organizations, attributing the incidents to China-based threat actors.

A China-linked threat actor has been observed exploiting SharePoint servers to deliver ransomware, according to Microsoft researchers, in the latest sign of worsening attacks against on-premises SharePoint Server customers.

Microsoft has warned that Chinese state-sponsored hackers have breached its SharePoint software used by the US agency responsible for maintaining and modernizing the nation’s stockpile of nuclear weapons, according to a report.

The Chinese government has warned against using cyber security issues to defame the country, following the hacker attacks on Microsoft software. Foreign Ministry spokesman Guo Jiakun said in Beijing on Wednesday that he was not aware of the exact circumstances of the attacks.

US President Donald Trump urged tech giants to halt overseas hiring, emphasising job creation at home during an AI Summit. He criticised companies like Google and Microsoft for outsourcing and unveiled new executive orders aimed at reshaping AI infrastructure.

Hackers sponsored by the Chinese state have breached a number of U.S. government institutions, including the agency responsible for overseeing the security of America’s nuclear arsenal, Microsoft warned.

Researchers say Chinese actors, along with other criminal hackers, exploited a security flaw in SharePoint software widely used by governments and businesses.

The change follows a ProPublica report that outlined how Microsoft’s use of Chinese engineers left U.S. defense clients vulnerable to cybersecurity risks.