Urgent: Chinese State-Backed Hackers Exploiting New Microsoft SharePoint Zero-Day; Patches Released

Security researchers at Google and Microsoft have confirmed that China-backed hacking groups are actively exploiting a critical zero-day vulnerability in Microsoft SharePoint, identified as CVE-2025-53770. This flaw allows attackers to steal sensitive private keys from self-hosted SharePoint versions, enabling them to plant malware and gain unauthorized access to internal documents and network systems.
Microsoft reported observing at least three China-linked groups—Linen Typhoon, Violet Typhoon, and Storm-2603—exploiting the bug since as early as July 7, 2025. Linen Typhoon is known for intellectual property theft, while Violet Typhoon focuses on espionage. Google’s Mandiant also corroborated the involvement of China-nexus groups, noting that multiple actors are now leveraging the vulnerability.
Dozens of organizations, including those in the government sector, have already been compromised. Microsoft has since released emergency patches for all affected SharePoint versions. However, security experts warn that organizations running self-hosted SharePoint should assume they have been breached and take immediate remediation steps.
The Chinese government, through its embassy in Washington, D.C., has stated its firm opposition to all forms of cyberattacks, though it has not explicitly denied involvement. This incident marks the latest in a series of sophisticated cyber campaigns attributed to China-backed actors, following similar large-scale attacks like the 2021 Microsoft Exchange breaches.