Microsoft: Chinese hacking groups were part of SharePoint attacks

Highlights
  • Microsoft identified three hacking groups tied to China exploiting a vulnerability in its SharePoint collaboration platform.

A major security bug in Microsoft’s SharePoint software has let hackers break into the computer systems of more than 100 organizations, including government agencies and big businesses in the US and Europe. The hackers, believed to work for the Chinese government, used new loopholes in SharePoint to get inside these networks starting in early July 2025.

What Happened?

  • The hackers took advantage of new “zero-day” flaws, which means nobody outside Microsoft knew about the bugs before the attacks started.
  • SharePoint is widely used by offices and governments to organize, share, and store documents and files.
  • The main bugs are called CVE-2025-53770 and CVE-2025-53771. These allowed hackers to break in without needing a password, run code on servers, and potentially see or steal sensitive files.
  • Only on-premises (meaning servers that organizations run themselves, not Microsoft’s cloud) SharePoint systems were hit.

Who Were the Hackers?

Microsoft found that three groups were involved, all believed to work for or with the Chinese government:

  • Linen Typhoon: Has targeted governments, human rights groups, and military contractors since 2012.
  • Violet Typhoon: Goes after government workers, NGOs, and think tanks, mainly for spying.
  • Storm-2603: Less well-known but has a history of using ransomware.

Which Groups Were Affected?

  • At least 100 organizations lost control over their SharePoint servers. Many victims are in the US and Germany. Some are government offices, and one report said the US nuclear weapons agency was among them.
  • Companies in telecommunications, software, and other critical services were also targeted.

How Did the Attack Work?

  • Hackers got inside by tricking SharePoint into running their code through “unsafe deserialization.” In plain terms, the software rebuilt data objects from input the attackers controlled, and in doing so executed code hidden in that input.
  • Once inside, they could stay hidden and move around, even after the first security patches came out, because they found new ways around each fix.
  • Security experts said hackers could watch what was happening or wait for the right time to cause more harm.

What Is Being Done Now?

  • Microsoft rushed out emergency security updates. Anyone with their own SharePoint server was told to install the latest updates right away.
  • The US Cybersecurity and Infrastructure Security Agency (CISA) issued warnings and ordered federal agencies to fix their systems quickly.
  • Older versions no longer get security updates. Organizations running outdated software were urged to upgrade immediately.

Why This Matters

  • Attacks like this can let hackers look at secret government files, steal company information, or plant ransomware.
  • Some experts compared this hack to a major incident in 2021, when another Microsoft product was broken into by similar means.
  • Even after a fix, hackers who already got inside can stay on systems, waiting to attack again in the future.

This event shows how quickly hackers take advantage of new software bugs and why it’s so important for organizations to keep their software updated and be alert for suspicious activity.
