Chinese Hackers Breach Microsoft SharePoint Servers Worldwide

Microsoft SharePoint Servers Hacked by Chinese Threat Actors

Microsoft has confirmed that several state-backed Chinese hacking groups have exploited vulnerabilities in its on-premises SharePoint document servers. These attacks did not affect Microsoft’s cloud-based SharePoint service but targeted companies using servers hosted within their own IT infrastructure.

The cyberattacks were linked to groups known as Linen Typhoon, Violet Typhoon, and Storm-2603—all believed to operate out of China or have connections to Chinese state interests. Microsoft says the attackers exploited known flaws in SharePoint software to gain unauthorized access to sensitive data and encryption keys.

Security Patches Released Amid Ongoing Threats

In response, Microsoft has issued critical security updates and strongly advised all customers using on-premises SharePoint servers to apply the patches immediately. The tech giant warned that systems which remain unpatched are at high risk of further attacks.

“Investigations into other actors also using these exploits are still ongoing,” Microsoft said in its official security blog. The company pledged to continue publishing updates as it learns more about the nature and scope of the breaches.

How the Attacks Worked

According to Microsoft, the hackers exploited a vulnerability that allowed them to send malicious requests to vulnerable SharePoint servers. These requests enabled them to steal cryptographic keys, allowing unauthorized access to stored data and communications.

This technique, known as key material theft, potentially gives hackers long-term access to sensitive organizational data—even after initial detection or removal.

Global Impact and Target Sectors

Charles Carmakal, CTO at Mandiant Consulting, a division of Google Cloud, stated that his firm had identified “several victims across different sectors and global regions.” He emphasized that both government institutions and businesses relying on SharePoint were primary targets.

“This was exploited in a very broad and opportunistic way before Microsoft issued a patch,” Carmakal explained. “That’s why this breach is particularly significant.”

Repeat Patterns in China-Linked Cyber Campaigns

Carmakal also noted that the hacking techniques used in this case closely resemble those seen in earlier cyber campaigns linked to Beijing-sponsored actors. He described the behavior of the attackers as opportunistic, aiming to infiltrate as many unpatched systems as possible.

Profiles of the Involved Hacking Groups

Microsoft offered deeper insights into the history and focus of each group involved:

Linen Typhoon (also known as Hafnium or APT40): This group has been active for over 13 years. Its primary objective is to steal intellectual property, with a focus on organizations involved in government affairs, defense, strategic planning, and human rights.

Violet Typhoon (associated with APT31 or Zirconium): This threat actor is primarily engaged in espionage, targeting former government and military personnel, as well as NGOs, think tanks, media outlets, academic institutions, and sectors such as finance and healthcare across the US, Europe, and East Asia.

Storm-2603: Microsoft assessed this group to be a China-based threat actor with medium confidence. Although less documented, it has demonstrated capabilities in exploiting enterprise software.

Why the Breach Matters

Cybersecurity experts stress that the SharePoint vulnerability is especially critical because it involves a widely used enterprise product. Since many organizations host sensitive and confidential data on SharePoint, successful exploitation could lead to data leaks, persistent surveillance, and long-term system compromise.

Furthermore, exploiting cryptographic material allows hackers to bypass standard authentication and remain undetected for extended periods.

Urgent Call to Action

Microsoft urges all organizations still using on-premises SharePoint servers to immediately:

  • Apply the latest security patches
  • Review their server logs for unusual activity
  • Rotate cryptographic keys and credentials
  • Consider migrating to Microsoft’s cloud-based alternatives where feasible, which are not affected by this breach

The tech giant also promised to update customers through its official channels, including the Microsoft Security Blog.

Expert Warnings on Future Threats

Experts believe these attacks are part of a broader, long-term strategy by state-sponsored cyber groups to infiltrate critical infrastructure and gain access to strategic information.

Given the scale and sophistication of the current attacks, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and international partners may also issue advisories to coordinate defense measures.

The Information is collected from CNBC and MSN.


Subscribe to Our Newsletter

Related Articles

Top Trending

launch tactics tight budget
7 Launch Tactics on a Tight Budget for Indie SaaS Teams
Local Climate Actions
11 Local Climate Actions That Compound Beyond One Household
Best travel habits to keep
The Best Travel Habits to Keep After You Return Home [My Personal POV]
SEO tactics SaaS
11 SEO Tactics Specific to SaaS Teams That Want Qualified Traffic, Not Empty Visits
Is VAR Ruining Football
Is VAR Ruining Football: 10 Controversies, Benefits, and Personal Verdict

Fintech & Finance

ELSS SIP Calculator
ELSS SIP Calculator: Tax Saving + Wealth Building Explained
Tracking Small-Cap Stocks on Fintechzoom.com Russell 2000
Fintechzoom.com Russell 2000: The Complete Guide to Tracking Small-Cap Stocks in 2026
Organizational Bottlenecks and How to Address Them
10 Organizational Bottlenecks: Here’s How to Address Them
Why more Indians are Taking a Rs 50000 Personal Loan for Emergencies and Short-term Needs
Why more Indians are Taking a Rs 50000 Personal Loan for Emergencies and Short-term Needs
Founder comparing the Best Accounting Tools for Founders on a startup finance dashboard
9 Best Accounting Tools for Founders to Keep Startup Finances Clean

Sustainability & Living

Local Climate Actions
11 Local Climate Actions That Compound Beyond One Household
Plastic-Free Grocery Swaps
8 Plastic-Free Grocery Shopping Swaps That Actually Work
Sustainable Bathroom Swaps
11 Sustainable Bathroom Swaps for a Waste-Free Routine
Career Changes for Climate Impact
7 Career Changes for Climate Impact That Use the Skills You Already Have
Reducing Food Waste Home
Reducing Food Waste at Home: Smarter Meal Planning and Ingredient Storage

GAMING

Mortdog left Riot Games
Mortdog Leaves Riot Games: Is This the End of TFT as We Know It?
Quality Assurance & Game Testing
Top 10 Gaming SMEs Specializing in Quality Assurance & Game Testing in India
$70 Game Deals
Why $70 Game Deals Are Mostly Never Worth It
why AAA games look the same
Why AAA Games Look the Same Even When They Cost More Than Ever
Foullrop85j.08.47h Gaming
Foullrop85j.08.47h Gaming: What It Really Is and Why You Should Be Skeptical

Business & Marketing

Best Founder Resources
23 Best Founder Resources: A Practical Guide for Early-Stage Startups
Best Free Courses Aspiring Founders
The 7 Best Free Courses Aspiring Founders Should Take Before Building
best templates founders
11 Best Templates Founders Need to Build Smarter
Enter a new country without legal entity
The Fastest Way to Enter a New Country Without Establishing a Legal Entity
Promotional talent live events
How Promotional Talent Helps Brands Make an Impact at Live Events

Technology & AI

launch tactics tight budget
7 Launch Tactics on a Tight Budget for Indie SaaS Teams
SEO tactics SaaS
11 SEO Tactics Specific to SaaS Teams That Want Qualified Traffic, Not Empty Visits
best newsletters SaaS founders
11 Best Newsletters SaaS Founders Should Read for Growth
Best Local LLMs You Can Run On A Laptop
Best Local LLMs You Can Run On A Laptop: A Complete Hardware And Setup Guide
How To Reduce AI Hallucinations In Long Documents guide
How To Reduce AI Hallucinations In Long Documents: Proven Strategies Explained

Fitness & Wellness

A Complete Guide on TheLifestyleEdge com
The Lifestyle Edge: Your Complete Guide to Wellness and Modern Living
Stretching Accessories That Make a Difference
7 Stretching Accessories That Make a Difference for Flexibility, Mobility, and Recovery
air quality wellness devices
13 Air Quality and Wellness Devices Worth Considering for a Healthier Home
habits reduce stress
7 Habits That Reduce Stress Long Term and Feel Calmer Daily
habits better focus
11 Habits for Better Focus That Actually Work