Chinese hackers exploit a newly discovered vulnerability in Microsoft's SharePoint software, according to Microsoft's latest security alert.
Chinese hackers leverage a newly discovered weakness in Microsoft's SharePoint platform for malicious activities.
In a concerning development, multiple Chinese state-backed hacking groups are actively exploiting a critical zero-day vulnerability in Microsoft SharePoint, officially designated CVE-2025-53770. The vulnerability, discovered in early July 2025, can allow attackers to steal sensitive private keys from on-premises SharePoint servers, plant malware remotely, and gain unauthorised access to stored files and connected network systems[1][2].
Microsoft has identified at least three Chinese-linked hacking groups exploiting this vulnerability: Linen Typhoon, Violet Typhoon, and Storm-2603. Linen Typhoon focuses on stealing intellectual property, while Violet Typhoon steals private information for espionage purposes. Storm-2603, although less well known, has been linked to prior ransomware attacks[1][2].
Besides CVE-2025-53770, other related SharePoint vulnerabilities being exploited include CVE-2025-49706 and CVE-2025-49704, with CVE-2025-53771 also acting as a patch bypass[2]. The campaigns have targeted thousands of organisations worldwide, including governments, large corporations, universities, and sensitive institutions. At least five U.S. federal agencies have been compromised, including the Department of Homeland Security (DHS), National Nuclear Security Administration, Department of Education, and Department of Health and Human Services. The DHS's Cybersecurity and Infrastructure Security Agency (CISA) alerted multiple federal bodies about the breaches[3].
Over 100 organisations have been affected so far. The vulnerabilities were initially discovered by a researcher from a Vietnamese military-owned telecom at a cybersecurity competition in Berlin, who received a $100,000 bounty for reporting them. Microsoft issued patches earlier in July, but hackers quickly developed methods to bypass these fixes and continued exploiting the flaws[2].
When exploited, the vulnerability allows unauthorised access to sensitive data. Zero-day security holes of this kind are frequently targeted by intelligence agencies for covert exploitation. Attackers could maintain persistent access to systems even after the security hole is patched, posing significant risks including data theft, espionage, potential ransomware deployment, and broad compromise of sensitive governmental and private-sector networks[1][2][3].
Microsoft has accused Chinese hackers of carrying out cyber attacks on multiple companies and agencies. It is crucial for affected organisations to apply the Microsoft updates promptly to mitigate the risks. The attacks affect on-premises SharePoint servers, which organisations run and maintain themselves.
Sources:
[1] KrebsOnSecurity. (2025). Multiple Chinese State-Backed Hacking Groups Exploit Zero-Day in Microsoft SharePoint. [online] Available at: [Accessed 1 Aug. 2025].
[2] ZDNet. (2025). Microsoft issues emergency patches for SharePoint zero-day exploit. [online] Available at: [Accessed 1 Aug. 2025].
[3] The Hill. (2025). Hackers exploiting zero-day vulnerability in Microsoft SharePoint software, US officials say. [online] Available at: [Accessed 1 Aug. 2025].
In response to the ongoing cyberattacks, organisational and workplace policies should require the prompt installation of Microsoft updates to mitigate the risks of critical zero-day vulnerabilities in Microsoft SharePoint such as CVE-2025-53770 and CVE-2025-49706, and should prioritise technical safeguards against cybersecurity threats, including the protection of sensitive data and networks.
In addition, given the global scale of targeting by Chinese state-backed hacking groups such as Linen Typhoon, Violet Typhoon, and Storm-2603, international institutions and organisations need to collaborate on sharing threat intelligence and developing collective responses to the long-term risks these threats pose.