China-Backed Hackers Exploit Critical SharePoint Zero-Day Vulnerability

Key Takeaways

  • A critical zero-day bug in Microsoft SharePoint is being exploited by China-backed hackers.
  • At least three state-sponsored groups are targeting organizations to steal data and intellectual property.
  • Security experts urge swift patching and forensic review, especially for self-hosted systems.

Security researchers from Google and Microsoft have uncovered an alarming new cyberattack campaign involving a critical Microsoft SharePoint vulnerability — CVE-2025-53770 — being actively exploited by multiple China-backed hacking groups.

The zero-day bug, discovered over the weekend, has already impacted dozens of organizations globally, with companies racing to patch their systems before further damage is done.

Zero-Day Flaw Targets Self-Hosted SharePoint Servers

The flaw resides in self-hosted versions of Microsoft SharePoint, a widely used document management platform in corporate and government environments. When exploited, the vulnerability enables hackers to remotely steal sensitive cryptographic keys, plant malware, and pivot to other internal systems on the same network.

Security researchers say the attack chain grants the intruders far-reaching access to internal files and data, allowing them to conduct surveillance, steal proprietary information, or disrupt operations.

Multiple Chinese APT Groups Behind Coordinated Exploitation

Microsoft confirmed that at least three China-backed groups — Linen Typhoon, Violet Typhoon, and Storm-2603 — are exploiting the bug.

  • Linen Typhoon is known for stealing intellectual property.
  • Violet Typhoon typically harvests sensitive information for espionage.
  • Storm-2603, less understood but linked to past ransomware activity, has also been observed in the campaign.

The hacking activity reportedly began as early as July 7, indicating that the zero-day had been exploited in the wild for roughly two weeks before it was detected.

Charles Carmakal, CTO of Mandiant (a Google-owned security firm), said multiple China-nexus actors are actively exploiting the vulnerability.

Microsoft Issues Patches, But Breaches Likely Ongoing

Microsoft has since released patches for all affected SharePoint versions. However, security researchers caution that organizations running on-premises installations should assume compromise and begin incident response efforts immediately, since patching closes the entry point but does not evict an attacker who is already inside.

The Chinese government has not commented on the allegations, though it has previously denied involvement in similar state-sponsored cyber operations — including the 2021 “Hafnium” Exchange Server breach that impacted over 60,000 servers.

Disclaimer: The information in this article is for general purposes only and does not constitute financial advice. The author’s views are personal and may not reflect the views of CoinBrief.io. Before making any investment decisions, you should always conduct your own research. Coin Brief is not responsible for any financial losses.
