China-backed hackers used Microsoft flaw in attacks, defenders say
Researchers say Chinese and other criminal hackers have exploited a security flaw in SharePoint software widely used by governments and businesses — and may come back.
Hackers connected to the Chinese government were behind at least some of the widespread attacks in the past few days on organizations that use collaboration software from Microsoft, defenders working on the intrusions said in interviews.
The breaches in the United States and other countries took advantage of a disastrous security flaw that drew attention this month, after Microsoft issued a patch that fixed only part of the problem in SharePoint, which is widely used to coordinate work on documents and projects.
“We assess that at least one of the actors responsible for this early exploitation is a China-nexus threat actor,” said Charles Carmakal, chief technology officer of Google’s Mandiant Consulting.
That breach has been attributed to a group that Microsoft calls Silk Typhoon, which is linked to China’s Ministry of State Security. It is one of the most technically advanced hacking groups in the world and has been striking sensitive U.S. targets at an increased rate in the past year, The Post reported last week.