China-linked hackers behind server attacks

The breaches in the US and other countries took advantage of a zero-day vulnerability chain

Mathures Paul Published 23.07.25, 11:03 AM

A Microsoft logo in Issy-les-Moulineaux near Paris on January 9. Reuters file picture

Hackers with ties to the Chinese government have been linked to the “active attacks” on server software SharePoint, used by government agencies and businesses to share documents within organisations.

The breaches in the US and other countries took advantage of a zero-day vulnerability chain.

“Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting these vulnerabilities targeting Internet-facing SharePoint servers,” said the company.

“In addition, we have observed another China-based threat actor, tracked as Storm-2603, exploiting these vulnerabilities.”

Hackers can use the zero-day exploit to steal sensitive data and harvest passwords. Microsoft said that only servers housed within an organisation were compromised in the hack but SharePoint Online in Microsoft 365 was not impacted.

Microsoft deployed patches for the last of the exposed versions by Monday.

The patches will prevent new intrusions but customers are also required to change the machine’s digital keys, apply anti-malware software and track down breaches that have already occurred, the company has said.

Researchers determined that nearly 100 organisations were affected in the attack over the weekend, Eye Security’s chief hacker Vaisha Bernard told Reuters.

Cybersecurity firm Check Point said that it discovered the first signs of exploitation on July 7: “Since then, we’ve confirmed dozens of compromise attempts across government, telecommunications, and software sectors in North America and Western Europe.”

A few days ago, Microsoft said it will stop using China-based engineers to offer technical assistance to US defence clients using the company’s Cloud services.

“In response to concerns raised earlier this week about US-supervised foreign engineers, Microsoft has made changes to our support for US Government customers to assure that no China-based engineering teams are providing technical assistance for DoD Government cloud and related services,” Frank Shaw,
the Microsoft’s chief communications officer, wrote in a post on X.

China-linked hackers behind server attacks

The breaches in the US and other countries took advantage of a zero-day vulnerability chain

RELATED TOPICS

Grieving UK families discover remains from Air India crash belong to strangers: Lawyer

'Elections being stolen': Rahul claims Cong has uncovered blueprint of ‘vote chori’

JDU MP speaks out against EC’s voter list revision ahead of Bihar polls

Donald Trump claims outrageous and a weak attempt at distraction

Ravi Dahiya, Bajrang Punia & more: How doping left top wrestlers high and dry

Myntra under ED scanner for flouting FDI norms worth over Rs 1,654 crore, case filed by agency

Modi says it in as many words: No farewell, terse send-off for Dhankhar amid argument buzz

'West Arctica, Saborga, Lodonia': Man held for running fake embassies in Ghaziabad

‘People call me mad’: Ex-IPS cleans street, Anand Mahindra says ‘powerful service’

Sensex jumps nearly 540 points on buying in bluechip banks and oil shares

'Research pending, future uncertain': Protests erupt at IIT Guwahati over sharp fee hike

Traders in Karnataka call strike on July 25 against GST notices on UPI data as PM hails digital India