Space News from SpaceDaily.com
Chinese state hackers targeting Microsoft customers
San Francisco, United States, July 22 (AFP) Jul 22, 2025
Chinese state-sponsored hackers are actively exploiting critical security vulnerabilities in users of Microsoft's popular SharePoint servers to steal sensitive data and deploy malicious code, the US tech giant warned Tuesday.

Microsoft said it has observed three threat groups -- dubbed Linen Typhoon, Violet Typhoon, and Storm-2603 -- targeting internet-facing SharePoint servers using two newly disclosed vulnerabilities that allow attackers to bypass authentication and execute remote code.

SharePoint Server is Microsoft's collaboration and document management platform designed for businesses and organizations.

Many large organizations use SharePoint as their primary platform for internal collaboration and for storing documents, and is appreciated for working well with other Microsoft products like Office, Teams, and Outlook.

The attacks, which Microsoft said began as early as July 7, affect only on-premises SharePoint installations and do not impact the cloud-based SharePoint Online service, the company said in a security bulletin.

Microsoft warned that it "assesses with high confidence" that the threat actors will continue their assault against vulnerable systems where companies haven't taken the necessary precautions.

The vulnerabilities allow attackers to spoof authentication credentials and execute malicious code remotely on vulnerable servers.

Microsoft has released comprehensive security updates to address the malware and urged customers to apply the patches immediately.

In their successful attacks, the Chinese hackers deployed malicious code that provides backdoor access to compromised systems. The attackers used these tools to steal machine encryption keys and maintain access to targeted networks.

Linen Typhoon, active since 2012, primarily focuses on intellectual property theft from government, defense, and human rights organizations.

Violet Typhoon, operating since 2015, conducts espionage against former government officials, NGOs, think tanks, and media organizations across the United States, Europe, and East Asia.

Storm-2603, which Microsoft assesses with "medium confidence" to be China-based, has previously deployed ransomware but its current objectives remain unclear.

Research from cybersecurity company Check Point said the campaign began on July 7 against a major Western government and that the attacks intensified dramatically around July 18.

Since then, researchers have confirmed dozens of compromise attempts primarily targeting organizations in North America and Western Europe, Check Point said in a blog post.


ADVERTISEMENT




Space News from SpaceDaily.com
NASA picks Firefly Aerospace for ambitious 2029 lunar rover and instrument delivery
Team led by MDA Space to define future of Canadian lunar vehicle program
Lunar soil machine developed to build bricks using sunlight

24/7 Energy News Coverage
Designing compact drones to safely navigate air ducts
Map Africa project to deliver continentwide geospatial data for 54 nations
The complex relationship between fusion fuel and lithium walls

Military Space News, Nuclear Weapons, Missile Defense
Boeing X37B Spaceplane Prepares for Eighth Orbital Test Mission
Israel military intercepts Huthi missile fired from Yemen; Gaza civil defence says Israel strikes kill 30
BlackSky secures next stage of Navy contract for optical satellite link upgrades

24/7 News Coverage
Cosmic dust particles reveal snapshot of Earth's ancient air
Spire to Provide ESA with Satellite Weather Data for European Research
Gaza seen from above: debris and darkness


All rights reserved. Copyright Agence France-Presse. Sections of the information displayed on this page (dispatches, photographs, logos) are protected by intellectual property rights owned by Agence France-Presse. As a consequence, you may not copy, reproduce, modify, transmit, publish, display or in any way commercially exploit any of the content of this section without the prior written consent of Agence France-Presse.