Fri Jul 25 04:01:06 UTC 2025: **Summary of the text:**

A massive cyberattack, attributed to China-linked hackers, has exploited vulnerabilities in Microsoft’s SharePoint servers, compromising hundreds of organizations globally. The attack leveraged newly discovered flaws to access user credentials and infiltrate on-premises SharePoint deployments, impacting government, education, healthcare, and large enterprises. Microsoft has released patches and attributed the attacks to groups like Linen Typhoon, Violet Typhoon, and Storm-2603, known for espionage and intellectual property theft. Cybersecurity experts warn of the severity of the attack, highlighting the potential for sensitive data theft. The incident is part of a larger trend of state-sponsored cyberattacks targeting Microsoft’s widespread software ecosystem, making its users vulnerable. While China is repeatedly singled out for these activities, the text acknowledges that many countries are developing cyber capabilities.

**News Article:**

**China-Linked Hackers Target Global Organizations Through Microsoft SharePoint Flaw**

**Paris – July 25, 2025:** A large-scale cyberattack attributed to groups with ties to China has compromised hundreds of organizations worldwide by exploiting vulnerabilities in Microsoft’s SharePoint servers. The attacks, which leveraged newly discovered flaws in the file-sharing software, allowed hackers to access sensitive data and user credentials, impacting a range of sectors including government, education, healthcare, and large enterprises.

Microsoft confirmed the attacks and released patches to address the vulnerability, stating that the cloud-based version of SharePoint was not affected. However, on-premises deployments, commonly used by government agencies and large corporations, were at immediate risk. Cybersecurity firm Eye Security identified over 400 compromised systems, including government organizations in Europe, the Middle East, and the United States, with reports mentioning the U.S. nuclear weapons agency as a potential target.

The tech giant attributed the attacks to Chinese state-backed actors, specifically naming Linen Typhoon, Violet Typhoon, and Storm-2603. These groups are known for engaging in intellectual property theft and espionage, with the Typhoon groups having been active for over a decade.

Experts are raising concerns about the scale and speed of the attack, which highlights the risk that widely used software providers such as Microsoft can be targeted for broader impact. This is not the first such instance, where in 2021, a Chinese hacker group compromised tens of thousands of email servers using Microsft Exchange software. While the hackers are believed to be China based, according to Rodrigue Le Bayon from Orange Cyberdefense this is not the only nation backing hacker operations as countries around the world hone cyber capabilities.

“It’s not Microsoft that is being targeted, it’s its customers,” said Shane Barney, head of information security at US-based Keeper, while cybersecurity specialist Damien Bancal noted the easy availability of exploit code, raising the risk of further exploitation.

Microsoft is urging users to apply the available patches immediately to protect their SharePoint servers and avoid becoming victims of this ongoing cyber campaign. Investigations into other threat actors potentially exploiting the vulnerabilities are underway.

Read More