Security experts at Google and Microsoft have confirmed that China-backed hackers are exploiting a zero-day flaw in Microsoft SharePoint, prompting urgent global patching efforts.
The vulnerability, tracked as CVE-2025-53770, was discovered last weekend. It affects self-hosted SharePoint servers, enabling attackers to steal sensitive private keys. Once exploited, the flaw lets hackers deploy malware, access internal files, and move laterally across networks.
Microsoft reported that two known China-linked groups, Linen Typhoon and Violet Typhoon, are actively using the bug. Linen Typhoon is known for intellectual property theft, while Violet Typhoon focuses on espionage. A third group, Storm-2603, also linked to China and past ransomware activity, has joined the exploitation efforts. Attacks have been traced back to at least July 7.
Google’s Mandiant unit confirmed that one China-based group was involved early on, and that multiple threat actors are now exploiting the flaw. Dozens of organizations, including government bodies, have already been compromised.
Since the bug was discovered while it was already under active exploitation, it qualifies as a zero-day. Microsoft has since issued patches for all affected SharePoint versions. However, experts urge users of self-hosted servers to assume breach and investigate for signs of compromise.
Responding to the allegations, a spokesperson for China’s embassy in Washington reiterated the country’s opposition to cyberattacks, without directly addressing the accusations.
This incident follows earlier campaigns, including the 2021 Hafnium attacks that breached over 60,000 Microsoft Exchange servers.