Cyberattacks by foreign based hackers: What businesses and governments must do now
by K Dorai Raja, Managing Editor, ET
27 July

In a stark reminder of the escalating cyber threat landscape, multiple sophisticated cyberattacks attributed to state-sponsored actors have emerged over the past three weeks, targeting a diverse array of government agencies, critical infrastructure, and high-tech industries across the globe.
In the United States, Microsoft disclosed that several of its on-premises SharePoint servers had been compromised by groups identified as Storm-2603, Linen Typhoon, and Violet Typhoon – cyber units allegedly with ties to China’s Ministry of State Security. These actors exploited two previously unknown vulnerabilities – CVE-2025-49704 and CVE-2025-49706 – to infiltrate nearly 400 organisations worldwide. Among the most notable victims were the U.S. National Nuclear Security Administration (NNSA) and the National Institutes of Health (NIH), raising serious concerns about national security and the integrity of sensitive government systems.
What began as a campaign of digital espionage soon took a more financially motivated turn. Storm-2603, one of the groups responsible for the SharePoint exploitation, shifted tactics by deploying Warlock ransomware within breached systems. This hybridisation of espionage and ransomware represents an alarming evolution in threat actor behaviour, blurring the lines between state-sponsored surveillance and profit-driven disruption.
Singapore’s Cyber Security Agency also confirmed that the country’s critical information infrastructure had come under attack. Though specifics remain classified, the intrusion has been linked to UNC3886, a known Chinese cyber-espionage group. The breach highlights growing digital vulnerabilities in Southeast Asia amid intensifying geopolitical tensions and increasing reliance on digital systems for national operations.
Meanwhile, in Taiwan, a trio of threat actors – codenamed UNK_FistBump, UNK_DropPitch, and UNK_SparkyCarp – launched coordinated cyber-espionage campaigns against the island’s prized semiconductor industry. Occurring between March and June but only recently disclosed, the attacks appear focused on exfiltrating intellectual property and disrupting chip manufacturing capabilities, a sector that sits at the heart of the global technology supply chain and the ongoing U.S.-China tech standoff.
Adding a legal dimension to the cyber escalation, Italian authorities recently arrested Xu Zewei, a Chinese national believed to be associated with the Silk Typhoon hacking group. He faces multiple charges in the United States, including wire fraud and unauthorised access to protected computer systems, signalling that law enforcement efforts against foreign cybercriminals may be gaining ground – albeit slowly.
Best practices: fortifying your organisation against cyberthreats (advanced persistent threats)
1. Patch critical vulnerabilities immediately
Many recent breaches exploited known vulnerabilities in SharePoint and Microsoft platforms.
- Action: Apply security patches within 24–72 hours of release
- Tool: Implement a robust vulnerability management system with real-time monitoring
2. Adopt zero trust architecture
Trust nothing by default – even inside your network.
- Action: Enforce multi-factor authentication (MFA), identity segmentation, and least privilege access
- Tool: Use tools like Azure AD Conditional Access or Okta to manage user access dynamically
3. Secure email and collaboration tools
Email remains the #1 vector for phishing, credential theft, and lateral movement.
- Action: Harden cloud-based and on-premises collaboration systems (e.g., SharePoint, Exchange)
- Tool: Deploy AI-driven email security gateways, sandbox attachments, and scan links in real time
4. Conduct regular threat hunting
Proactive detection is essential – don’t wait for a breach to be discovered externally.
- Action: Assign internal red teams or contract with Managed Detection & Response (MDR) providers
- Tool: Use endpoint detection platforms (EDR/XDR) like CrowdStrike, SentinelOne, or Microsoft Defender
5. Encrypt and back up data regularly
Ransomware continues to evolve – offline backups are your last line of defense.
- Action: Implement 3-2-1 backup strategy (3 copies, 2 types of media, 1 offline)
- Tool: Leverage immutable storage and encryption at rest and in transit
6. Strengthen supply chain security
Nation-state hackers often exploit third-party vendors to access larger targets.
- Action: Audit your suppliers’ cybersecurity posture; include security clauses in contracts
- Tool: Continuous vendor risk assessment tools (e.g., SecurityScorecard, BitSight)
7. Train and simulate
Human error is often the weakest link.
- Action: Conduct quarterly phishing simulations, tabletop exercises, and security awareness training
- Tool: Platforms like KnowBe4, Cofense, or internal LMS modules