State-backed hacking groups from China are actively exploiting a critical zero-day vulnerability in SharePoint, tracked as CVE-2025-53770. Although it was detected only recently, attackers have exploited it in the wild since at least July 7. SharePoint's wide adoption among businesses and government organizations makes exploitation serious, with potential theft of sensitive data and unauthorized access to internal systems. Multiple China-linked groups, such as Linen Typhoon and Violet Typhoon, have been identified as perpetrators. Dozens of organizations, including government entities, have suffered breaches, prompting urgent recommendations that affected users assume compromise and secure their systems.
SharePoint is widely used by businesses, governments, and other organizations to store internal documents and files. Many companies run self-hosted versions of SharePoint - and that's exactly where this bug strikes.
Once attackers exploit this vulnerability, they can steal sensitive encryption keys, install malware remotely, gain access to private files and systems, and move across other systems on the same network.
Microsoft has named three China-linked hacker groups involved in the campaign: Linen Typhoon, known for stealing intellectual property; Violet Typhoon, which focuses on gathering data for espionage; and Storm-2603, linked to ransomware activity.
Dozens of organizations have already been hacked, including companies across multiple sectors and some government entities. Because the vulnerability was exploited before Microsoft could issue a patch, it is classified as a zero-day: defenders had no advance notice and no fix available when the attacks began.