Microsoft SharePoint Servers Breached by Chinese Cyber Groups, Company Reports

Thu Jul 24 2025 01:15:57 GMT+0300 (Eastern European Summer Time)

Chinese hacker groups exploited vulnerabilities in Microsoft's on-premises SharePoint servers to steal data from businesses, the tech giant reveals.

Microsoft has reported that its SharePoint servers were hacked by Chinese cyber groups, targeting business data through exploited vulnerabilities. The attacks were carried out by state-backed entities including Linen Typhoon and Violet Typhoon, as well as China-based Storm-2603, which specifically targeted on-premises software rather than Microsoft's cloud services.

In response to the breach, Microsoft has urged customers using on-premises SharePoint servers to install security updates it has issued. The company has stated "high confidence" that adversaries will persist in their attacks on systems that have not been updated. The breach reflects a broader pattern of cyber-espionage, with Mandiant Consulting's CTO Charles Carmakal indicating a wide range of sectors and geographical locations impacted.

The hackers' tactics reportedly involve sending requests to the SharePoint server to extract sensitive cryptographic key material. Microsoft identified the primary targets as organizations dealing with government, defense, and sensitive sectors. As investigations continue, further updates will be provided to the public.

The incident marks a critical security challenge for businesses using SharePoint and underlines the escalating cyber threats from state-sponsored actors.

Microsoft's response reinforces the importance of cybersecurity measures amid rising global cyber threats.