Hackers have reportedly breached over 400 organizations by exploiting a zero-day vulnerability in Microsoft SharePoint.

The flaw affects self-hosted versions of the server software and allows attackers to remotely execute malicious code. This gives them access to stored files and other systems.

Eye Security discovered the affected servers through internet scans.

Evidence shows the exploitation began as early as July 7.

Among the targets is the National Nuclear Security Administration (NNSA), which oversees the US nuclear arsenal.

The Department of Energy has not commented.

Both Microsoft and Google suspect hackers linked to China, though the Chinese government has denied involvement.

Recent Microsoft developments