Chinese Hackers Exploit Vulnerabilities in Microsoft SharePoint Servers
Microsoft has reported that hackers linked to China, including state-sponsored groups, have taken advantage of security flaws in its SharePoint document-sharing software to target data belonging to businesses that use it.
The company identified three groups—Linen Typhoon and Violet Typhoon, which have ties to the Chinese government, and Storm-2603, believed to operate from China—using recently uncovered vulnerabilities to attack internet-connected servers running the platform.
This disclosure follows reports of Amazon closing its artificial intelligence lab in Shanghai, while consultancy McKinsey has halted AI-related work in China as tensions between Washington and Beijing intensify.
Microsoft and IBM have also reduced research and development projects in China, coinciding with heightened U.S. scrutiny of American firms involved in AI development there.
According to Microsoft, the vulnerabilities affect on-premises SharePoint servers used by many companies but do not impact its cloud-based service. SharePoint is widely used by large organizations for document storage and collaboration, often integrated with other Microsoft products such as Office and Outlook.
The attacks reportedly began on 7 July, with hackers attempting to breach systems through these weaknesses to gain initial access to targeted organizations. The flaws allow attackers to bypass authentication and remotely execute malicious code. In some cases, hackers sent requests to SharePoint servers to steal critical security keys.
Microsoft has since released security patches and urged all on-premises SharePoint users to install them. It warned with "high confidence" that the hacking groups would continue targeting systems that remain unpatched.
Linen Typhoon, active since 2012, has primarily focused on stealing intellectual property from government, defense, strategic planning, and human rights organizations. Violet Typhoon, operational since 2015, has engaged in espionage, targeting former government and military personnel, NGOs, think tanks, universities, media, and financial and health sectors in the U.S., Europe, and East Asia.
Microsoft stated with "medium confidence" that Storm-2603 is based in China but found no direct links to other Chinese hacking groups. It also cautioned that additional attackers may exploit similar vulnerabilities if security updates are not applied.