Chinese cyber attackers infiltrate technology titan Microsoft, posing potential danger
Microsoft is in the midst of a cybersecurity crisis, with China-linked hacking groups exploiting flaws in on-premises SharePoint servers. As of 2020, SharePoint had over 200 million active users, making it a prime target for these attacks.
The hacking groups, named by Microsoft as Linen Typhoon, Violet Typhoon, and Storm-2603, are known for intellectual property theft and espionage; the two espionage groups have been active for roughly a decade or more, according to Microsoft. Together they have targeted hundreds of organizations, including government bodies in Europe, the Middle East, and the United States.
Linen Typhoon and Violet Typhoon are government-sponsored espionage groups. Linen Typhoon mainly focuses on stealing intellectual property, while Violet Typhoon targets private information for espionage purposes. Both groups are believed to be affiliated with the Chinese government and have been observed exploiting the SharePoint vulnerability since at least July 7, 2025.
Storm-2603 is another China-based group, but one that is less well understood. Unlike the first two, it is known for deploying ransomware and for stealing ASP.NET machine keys, the cryptographic keys a SharePoint server uses to sign and encrypt state such as ViewState. An intruder holding a server's keys can mint requests the server accepts as its own and so regain access even after the vulnerability is patched, which is why Microsoft's guidance pairs the update with a machine key rotation. Its exact motives remain unclear, but it has exploited the SharePoint flaw since around July 18, 2025.
The assault on SharePoint servers is the latest in a series of sophisticated attacks carried out by state-sponsored groups against the Microsoft ecosystem, according to cybersecurity specialist Damien Bancal. "It's not Microsoft that is being targeted, it's its customers," said Shane Barney, head of information security at Keeper.
The attacks exploit a critical SharePoint vulnerability, tracked as CVE-2025-53770, that affects self-hosted (on-premises) SharePoint servers; SharePoint Online in Microsoft 365 is not affected. The flaw enables remote code execution, and the intrusions have led to data theft and ransomware deployment. Victims include government agencies, universities, energy companies, and telecom firms across multiple regions.
Microsoft, along with Google and other security researchers, continues to monitor these groups. Microsoft has released security updates and provided mitigation guidance to help affected organizations defend against these attacks.
In summary:
- Linen Typhoon, Violet Typhoon, and Storm-2603 are China-based hacking groups linked to recent cyberattacks exploiting a zero-day vulnerability in on-premises Microsoft SharePoint servers.
- Linen Typhoon and Violet Typhoon are government-sponsored espionage groups. Linen Typhoon mainly focuses on stealing intellectual property, while Violet Typhoon targets private information for espionage purposes.
- Storm-2603 is another China-based group but less well understood. Unlike the first two, this group is known for deploying ransomware and stealing machine keys, which let it regain access after patching unless the keys are rotated.
- The cyberattacks have enabled remote code execution, data theft, and ransomware attacks, affecting victims including government agencies, universities, energy companies, and telecom firms across multiple regions.
- Microsoft has released security updates and provided mitigation guidance to help affected organizations defend against these attacks.
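To make concrete why stolen machine keys matter (the point made about Storm-2603 above and in the summary), the following is an added example that is not part of the original article and not Microsoft or SharePoint code. It models ASP.NET's ViewState MAC protection as a plain HMAC-SHA256 over serialized state under a server-side validation key; that is a deliberate simplification of the real scheme, and the key values, the forged payload and all function names are constructed for the example. It shows that a token forged with a leaked key still verifies on a patched server, and stops verifying only once the key is rotated.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample keys (NOT real SharePoint machine keys).
# LEAKED_KEY stands for a validationKey an intruder copied from a
# server's machineKey configuration before the patch was applied.
LEAKED_KEY = bytes.fromhex("0f" * 64)
# ROTATED_KEY stands for the fresh validationKey after a key rotation.
ROTATED_KEY = bytes.fromhex("a7" * 64)

MAC_LEN = hashlib.sha256().digest_size  # 32 bytes


def sign_state(validation_key: bytes, state: dict) -> str:
    """Serialize a state dict and append an HMAC-SHA256 tag over it.

    Simplified model of ASP.NET ViewState MAC: the only property that
    matters here is that the tag depends on the server's validation key,
    so whoever holds the key can produce tags the server trusts.
    """
    payload = json.dumps(state, sort_keys=True).encode()
    mac = hmac.new(validation_key, payload, hashlib.sha256).digest()
    return base64.b64encode(payload + mac).decode()


def verify_state(validation_key: bytes, token: str):
    """Return the state dict if the tag verifies under validation_key,
    otherwise None. The comparison is constant-time."""
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:
        return None
    if len(raw) <= MAC_LEN:
        return None
    payload, mac = raw[:-MAC_LEN], raw[-MAC_LEN:]
    expected = hmac.new(validation_key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None
    return json.loads(payload)


def attacker_forges_state(stolen_key: bytes) -> str:
    """What an intruder can do with a stolen key: mint a token the server
    will treat as its own. The content is a constructed placeholder."""
    return sign_state(stolen_key, {"owner": "intruder", "action": "re-entry"})


def scenario() -> dict:
    """Walk through the three situations the text describes."""
    forged = attacker_forges_state(LEAKED_KEY)

    # 1. Server patched for the RCE flaw but still using the old key:
    #    the forged token verifies, so the intruder is back in.
    after_patch = verify_state(LEAKED_KEY, forged) is not None

    # 2. Same server after its machine keys were rotated:
    #    the old tag no longer matches, the token is rejected.
    after_rotation = verify_state(ROTATED_KEY, forged) is not None

    # 3. Someone without the key flips one byte of the signed payload:
    #    the tag no longer matches even under the old key.
    raw = bytearray(base64.b64decode(forged))
    raw[0] ^= 0x01
    tampered = base64.b64encode(bytes(raw)).decode()
    tampered_accepted = verify_state(LEAKED_KEY, tampered) is not None

    return {
        "after_patch": after_patch,
        "after_rotation": after_rotation,
        "tampered": tampered_accepted,
    }


if __name__ == "__main__":
    print(scenario())  # {'after_patch': True, 'after_rotation': False, 'tampered': False}
```

The practical consequence for a defender is that applying the SharePoint update alone is not enough once a server has been reached: Microsoft's mitigation guidance also calls for rotating the server's ASP.NET machine keys and restarting IIS, and any key values present in a compromised web.config or SharePoint configuration should be treated as disclosed.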
These designations come from Microsoft threat intelligence; other cybersecurity firms may use different names but have corroborated the involvement of China-backed groups exploiting this SharePoint vulnerability.
The Chinese government has not responded publicly to these allegations. However, hacking incidents are not limited to Microsoft, as countries around the world hone their cyber capabilities. China is repeatedly singled out by companies and governments hit by hacks, but other nations are also developing cyber capabilities, according to cybersecurity expert Rodrigue Le Bayon.
- Given the recent cyberattacks on SharePoint servers by Linen Typhoon, Violet Typhoon, and Storm-2603, it is crucial for organizations running on-premises SharePoint to stay vigilant, apply the security updates provided by Microsoft, and follow its mitigation guidance, including rotating machine keys, to safeguard their intellectual property and private information.
- The exploitation of technology vulnerabilities by China-linked hacking groups highlights the importance of cybersecurity in the modern world, where nations invest in developing advanced technological capabilities for various purposes, including espionage and theft of intellectual property.