Microsoft Says China-Linked Hackers Are Behind SharePoint Attacks. What to Know.
Jul 22, 2025 13:18:00 -0400 by Nate Wolf | #Technology

Microsoft first confirmed attacks on SharePoint Server customers over the weekend. (Drew Angerer/Getty Images)
Microsoft says Chinese hackers exploited security vulnerabilities in the company’s SharePoint platform, which it first reported over the weekend.
In a blog post Tuesday, Microsoft said it observed hackers attempting to “gain initial access to target organizations.” According to Microsoft, those involved included hacking groups called Linen Typhoon and Violet Typhoon—which Microsoft said are linked to the Chinese government—and China-based group Storm-2603.
SharePoint Server is a version of the internal file-sharing and intranet platform that organizations host on their own servers, unlike the cloud-based SharePoint Online in Microsoft 365.
Microsoft confirmed attacks targeting SharePoint Server customers over the weekend. The company has released security updates for all supported versions of SharePoint Server affected by the security vulnerability, it said, and is urging customers to apply the patches immediately.
Linen Typhoon, which has been active since 2012, focuses on stealing intellectual property from organizations related to government, defense, strategic planning, and human rights, Microsoft said. The group has also been called APT27, according to the company’s threat actor glossary. Earlier this year, a federal judge in Washington, D.C., unsealed indictments against two Chinese nationals with alleged ties to APT27, charging them with stealing data from technology companies, think tanks, defense contractors, government municipalities, and universities.
Violet Typhoon is dedicated to espionage targeting industries like higher education, media, and finance, as well as former government and military personnel, according to Microsoft. Last year, the U.S. District Court for the Eastern District of New York indicted seven members of the group, which is also known as APT31, on hacking and wire fraud charges related to alleged attacks on government officials, presidential campaign staffers, and defense and technology companies.
Microsoft said it believes the third group, Storm-2603, is based in China, but the company hasn’t identified links to other known threat organizations.
“With the rapid adoption of these exploits, Microsoft assesses with high confidence that threat actors will continue to integrate them into their attacks against unpatched on-premises SharePoint systems,” the company wrote.
Write to Nate Wolf at nate.wolf@barrons.com