REDMOND (dpa-AFX) - Security researchers at Microsoft and Google's Mandiant unit have confirmed that multiple China-backed hacking groups are actively exploiting a severe zero-day vulnerability in self-hosted Microsoft SharePoint servers.
The flaw, discovered last weekend, enables attackers to steal private keys, deploy malware remotely, and gain deep access to sensitive data across corporate networks.
Microsoft has attributed the attacks to three China-linked groups: Linen Typhoon, Violet Typhoon, and Storm-2603. Linen Typhoon specializes in intellectual property theft, while Violet Typhoon focuses on espionage. Storm-2603, which remains less understood, has previously been tied to ransomware operations. Evidence shows the vulnerability has been exploited since July 7.
'This is a rapidly evolving situation,' said Charles Carmakal, CTO of Mandiant, noting that multiple actors are now using the exploit and more could follow. Preliminary assessments indicate that more than 100 organizations have already been compromised, including U.S. federal agencies and major enterprises worldwide.
Microsoft has released security patches for all affected versions and is coordinating with the Cybersecurity and Infrastructure Security Agency and the Department of Defense to contain the threat. However, experts warn that any organization running on-premises SharePoint should assume potential compromise and perform urgent forensic reviews.
China has denied involvement, reiterating its opposition to all forms of cyberattacks. Still, the campaign echoes the 2021 'Hafnium' Exchange Server breach, highlighting persistent risks from state-sponsored actors.
The incident has renewed scrutiny of Microsoft's on-premises security and the broader resilience of U.S. government and corporate systems.
Copyright(c) 2025 RTTNews.com. All Rights Reserved