Chinese hackers attack SharePoint, Microsoft reports

Chinese Hackers Exploit Vulnerabilities in Microsoft SharePoint Servers

Microsoft has reported that hackers linked to China, including state-sponsored groups, have taken advantage of security flaws in its SharePoint document-sharing software to target data belonging to businesses that use it.

The company identified three groups—Linen Typhoon and Violet Typhoon, which have ties to the Chinese government, and Storm-2603, believed to operate from China—using recently uncovered vulnerabilities to attack internet-connected servers running the platform.

This disclosure follows reports of Amazon closing its artificial intelligence lab in Shanghai, while consultancy McKinsey has halted AI-related work in China as tensions between Washington and Beijing intensify.

Microsoft and IBM have also reduced research and development projects in China, coinciding with heightened U.S. scrutiny of American firms involved in AI development there.

According to Microsoft, the vulnerabilities affect on-premises SharePoint servers used by many companies but do not impact its cloud-based service. SharePoint is widely used by large organizations for document storage and collaboration, often integrated with other Microsoft products such as Office and Outlook.

The attacks reportedly began on 7 July, with hackers attempting to breach systems through these weaknesses to gain initial access to targeted organizations. The flaws allow attackers to bypass authentication and remotely execute malicious code. In some cases, hackers sent requests to SharePoint servers to steal critical security keys.

Microsoft has since released security patches and urged all on-premises SharePoint users to install them. It warned with "high confidence" that the hacking groups would continue targeting systems that remain unpatched.

Linen Typhoon, active since 2012, has primarily focused on stealing intellectual property from government, defense, strategic planning, and human rights organizations. Violet Typhoon, operational since 2015, has engaged in espionage, targeting former government and military personnel, NGOs, think tanks, universities, media, and the financial and health sectors in the U.S., Europe, and East Asia.

Microsoft stated with "medium confidence" that Storm-2603 is based in China but found no direct links to other Chinese hacking groups. It also cautioned that additional attackers may exploit similar vulnerabilities if security updates are not applied.