Microsoft Reveals Chinese State Hackers Exploiting SharePoint Flaws

Microsoft reveals Chinese state-backed hacker groups, including Linen Typhoon, Violet Typhoon, and Storm-2603, are exploiting SharePoint flaws, breaching over 100 organisations. Discover threat actors, their tactics and Microsoft’s urgent security guidance.

Microsoft’s critical new update reveals that specific Chinese nation-state threat groups are actively exploiting vulnerabilities in its on-premises SharePoint servers. Following an earlier report from Hackread.com, which highlighted the compromise of over 100 organisations globally, Microsoft has now identified the key players behind the intrusions and released comprehensive security updates for all affected SharePoint versions.

The ongoing cyberattacks leverage two distinct zero-day flaws, CVE-2025-49706, a spoofing vulnerability that allows attackers to trick systems, and CVE-2025-49704, a remote code execution (RCE) vulnerability enabling them to run malicious code remotely. These flaws are related to the previously highlighted CVE-2025-53770 and CVE-2025-53771.

Microsoft is sharing details from ongoing investigations of threat actors exploiting vulnerabilities targeting on-premises SharePoint servers. Linen ...