Security researchers at Google and Microsoft say they have evidence that China-backed hackers are exploiting a zero-day bug in Microsoft SharePoint, as companies around the world scramble to patch the flaw.
The bug, officially known as CVE-2025-53770 and discovered last weekend, allows hackers to steal sensitive private keys from self-hosted versions of SharePoint, server software widely used by companies and organizations to store and share internal documents. Once the bug is exploited, an attacker can use it to remotely plant malware and gain access to the files and data stored on the server, as well as to other systems on the same network.
In a blog post on Tuesday, Microsoft said it had observed at least two previously identified China-backed hacking groups, which it calls “Linen Typhoon” and “Violet Typhoon,” exploiting the SharePoint zero-day. Microsoft says Linen Typhoon focuses on stealing intellectual property, while Violet Typhoon steals private information to be used for espionage.
Microsoft has also attributed the ongoing hacks to a third China-backed hacking group, which it calls “Storm-2603,” a group about which the company has less information. However, the company noted that the group has been linked to ransomware attacks in the past.
According to Microsoft, the three hacking groups were observed exploiting the zero-day vulnerability to break into vulnerable SharePoint servers as early as July 7.
Charles Carmakal, chief technology officer of Google’s incident response unit, told TechCrunch in an email that “at least one of the actors responsible” was a China-nexus hacking group, but noted that “many actors are actively exploiting this vulnerability.”
Dozens of organizations have already been breached, including in the government sector. The bug is considered a zero-day because the vendor (Microsoft, in this case) did not have time to issue a patch before it was actively exploited. Microsoft has since rolled out patches for all of the affected versions of SharePoint, but security researchers have warned that customers running self-hosted versions of SharePoint should assume that they have already been compromised.
The Chinese government has long rejected allegations that it carries out cyberattacks, although it has not always explicitly denied its involvement.
When reached for comment, Liu Pengyu, a spokesman for the Chinese Embassy in Washington, said in a statement that China “is steadily opposing and fighting all forms of cyberattacks and crime in cyberspace, a position that is consistent.”
This is the latest hacking campaign linked to China in recent years. China-backed hackers were accused of targeting self-hosted Microsoft Exchange email servers in 2021 as part of a mass-hacking campaign. According to a recent Justice Department indictment accusing two Chinese hackers of masterminding the breaches, the so-called “Hafnium” hacks compromised contact details and private mailboxes from more than 60,000 affected servers.
Updated with comment from the Chinese government.
