MS's hosted version of SharePoint. It's apparently unimpacted by this current round of attacks. DOD (since it's been brought up by other commenters) makes significant use of this.
People hosting SharePoint instances themselves. Some on-prem, some with rented computers. These are the impacted ones. It's not about "the cloud", it's about hosted SharePoint having weaknesses that were exploited and many organizations apparently leaving their SharePoint instances accessible over the open internet. These hosted instances are also probably old and unpatched which doesn't help things. Some (many?) units within DOD make use of this, but definitely not all.
I mean, dumber things have happened. Governments have destroyed their own government buildings to blame on the opposition and gain sympathy for their causes.
Yes, false flags. That's usually used to motivate people to go attack someone or to garner sympathy or support for a cause. MS's products being subject to attacks because they have numerous vulnerabilities does not encourage anyone to go out and buy other MS products.
You sink one of your own naval vessels (or it sinks due to an accident and you take advantage of the situation) and blame it on an enemy. That enemy is now the target of your military and your population approves.
A shipbuilder hires someone to poke a hole in 1000 of their ships that are so badly designed and manufactured that it only takes a rubber ducky bouncing off the hull to sink them does not encourage anyone to go back to that shipbuilder.
False flags (particularly of the "let's kill or maim hundreds of our own people and other innocent people" variety) push into evil territory. They aren't dumb on their own, they're calculated risks predicated on the willingness of the masses to fall in line after a catastrophe.
Deliberately hurting your own customers by using weaknesses in your own systems in order to motivate them to go buy your other products or services is dumb.
MS's hosted version of SharePoint. It's apparently unimpacted by this current round of attacks. DOD (since it's been brought up by other commenters) makes significant use of this.
People hosting SharePoint instances themselves. Some on-prem, some with rented computers. These are the impacted ones. It's not about "the cloud", it's about hosted SharePoint having weaknesses that were exploited and many organizations apparently leaving their SharePoint instances accessible over the open internet. These hosted instances are also probably old and unpatched which doesn't help things. Some (many?) units within DOD make use of this, but definitely not all.