Microsoft has warned that hackers linked to the Chinese government are exploiting a serious security flaw in its SharePoint software to launch a global cyberattack.
The vulnerability, known as CVE-2025-53770, allows attackers to gain control over corporate networks by stealing security keys and installing malware on self-hosted SharePoint servers.
Microsoft revealed that since early July, at least three Chinese-backed hacking groups named Linen Typhoon, Violet Typhoon, and Storm-2603 have been targeting unpatched SharePoint systems. These groups aim to steal intellectual property, conduct espionage, and access sensitive data across organizations worldwide.
The company urged all SharePoint users to immediately apply the latest security updates it has released, which fix this critical flaw and prevent further attacks. Microsoft also recommended that affected organizations assume their systems may have been compromised and carry out thorough forensic investigations.
This attack raises concerns for businesses and governments relying on SharePoint for document management, as hackers can remotely execute malicious code and access internal files if systems remain unprotected. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed the risk, stating that there are potentials for large-scale data breaches.
This is not the first instance of China-linked cyber groups exploiting Microsoft products. Similar attacks on Microsoft Exchange servers in 2021 compromised thousands of organizations globally.
As the situation develops, users should monitor official updates from Microsoft and cybersecurity authorities. Prompt action can prevent data theft and protect critical networks.
