Google, Microsoft say

Security researchers at Google and Microsoft say they have evidence that China-backed hackers are exploiting a zero-day bug in Microsoft SharePoint, as companies around the world work to patch the flaw.

The bug, officially known as CVE-2025-53770 and discovered last weekend, allows hackers to steal sensitive private keys from self-hosted versions of SharePoint, a software server that companies and organizations widely use to store and share internal documents. Once the bug is exploited, an attacker can use it to remotely deploy malware and gain access to the files and data stored inside, as well as to other systems on the same network.

In a blog post on Tuesday, Microsoft said it had found at least two previously identified China-backed hacking groups, which it calls “Linen Typhoon” and “Violet Typhoon”, exploiting the SharePoint zero-day. Microsoft says Linen Typhoon is focused on stealing intellectual property, while Violet Typhoon steals private information used for espionage.

Microsoft also tied the ongoing hacks to a third China-backed hacking group, which it calls “Storm-2603”, a group the company knows less about. However, the company stated that the hackers have previously been linked to ransomware attacks.

According to Microsoft, the three hacking groups were found exploiting the zero-day vulnerability to break into vulnerable SharePoint servers on July 7.

Charles Carmakal, technology director at Mandiant, Google's response unit, told TechCrunch in an email that “at least one of the similar actors” was a China-nexus hacking group, but said that “many actors are now actively using this vulnerability.”

Dozens of organizations have already been hacked, including in the government sector. The bug is considered a zero-day because the vendor, Microsoft in this case, had no time to release a fix before it was actively exploited. Microsoft has since released patches for all SharePoint versions, but security researchers have warned that customers running self-hosted SharePoint should assume that they have already been compromised.

The Chinese government has long rejected claims that it carries out cyberattacks, although it has not always explicitly denied its involvement.

Asked for comment, Liu Pengyu of the Chinese Embassy in Washington, DC, said in a statement that China “opposes and opposes all kinds of information network attacks and information network crime – a position that is consistent and clear.”

This is the latest China-linked hacking campaign in recent years. China-backed hackers were accused of targeting self-hosted Microsoft Exchange email servers in 2021 as part of a mass-hacking campaign. According to a recent Justice Department indictment accusing two Chinese hackers of masterminding the breaches, the so-called HAFNIUM hackers compromised contact information and private mailboxes from over 60,000 victims.

Updated with a comment from the Chinese government.
