Security researchers from Google and Microsoft report that hackers backed by China are exploiting a zero-day flaw in Microsoft SharePoint, tracked as CVE-2025-53770. The vulnerability allows the theft of sensitive private keys from self-hosted versions of SharePoint, enabling attackers to remotely deploy malware and access sensitive files and networks. Microsoft tracked at least two groups, 'Linen Typhoon' and 'Violet Typhoon', both known for stealing intellectual property and private information. Exploitation of this flaw began as early as July 7, affecting numerous organizations, including government entities.
Microsoft observed at least two China-backed groups, 'Linen Typhoon' and 'Violet Typhoon,' exploiting a new SharePoint zero-day vulnerability to steal sensitive data.
The zero-day vulnerability CVE-2025-53770 allows attackers to remotely plant malware and access files stored on vulnerable SharePoint servers.
Three groups, including 'Storm-2603,' have been exploiting the vulnerability since July 7, targeting organizations worldwide, including in the government sector.
Charles Carmakal from Google's Mandiant reported that multiple actors, including identified China-backed groups, are actively exploiting the SharePoint vulnerability.