Microsoft’s SharePoint, a widely used document software product, has come under attack by Chinese cybercriminal organizations. The groups, which include the state-backed actors Linen Typhoon and Violet Typhoon as well as another group known as Storm-2603, exploited security weaknesses in on-premises SharePoint servers, which are commonly used by various businesses. Microsoft confirmed that cloud-based SharePoint services remain unaffected.

In response to the breach, Microsoft has issued security updates for affected users and is closely monitoring the situation for any further exploitation attempts. The company also revealed that the hackers had carried out the attacks by manipulating server requests, which allowed the theft of sensitive data.

Experts such as Mandiant’s CTO, Charles Carmakal, have indicated that numerous victims across various sectors were targeted globally, with the attacks primarily focusing on government and business users of SharePoint. Carmakal emphasized the opportunistic nature of the attacks, which occurred before patches could be implemented.

Historically, Linen Typhoon has concentrated on acquiring intellectual property from organizations linked to government and human rights, while Violet Typhoon’s espionage efforts have spanned various industries, including education and finance, particularly within the US, Europe, and East Asia. Storm-2603 has been identified as a credible threat actor based in China. As investigations continue, Microsoft is committed to providing updates and ensuring the safety of its users.