
A large-scale cyberattack has shaken global cybersecurity after over 100 organizations were infiltrated through critical flaws in Microsoft’s SharePoint servers. Microsoft confirmed that three China-linked threat groups had carried out these coordinated intrusions since early July 2025, targeting governments, universities, and energy firms.
The attack is traced back to a severe zero-day vulnerability, CVE-2025-53770, which was first disclosed at a hacking competition in Berlin. Despite Microsoft issuing a patch with exceptional speed, the perpetrators were able to sidestep the patch.
The flaw allowed hackers to steal private cryptographic keys, install malware, and maintain stealthy access to affected systems.
The groups behind this wave, Linen Typhoon, Violet Typhoon, and Storm-2603, have long histories of cyberespionage. Microsoft and Google’s Mandiant identified their tactics, which range from stealing intellectual property to planting backdoors in sensitive systems. The affected organizations span multiple continents, with victims in the United States, Canada, Germany, Indonesia, and Brazil.
Among the most alarming targets was the US National Nuclear Security Administration. Experts say the attackers stole login credentials, deployed web shells, and gained persistent access to several systems, even those already patched.
Microsoft acknowledged the oversight. After the initial patch failed to stop the threat, a complete security update was issued later in July. The company now urges all users of self-hosted SharePoint servers to update immediately. SharePoint Online remains unaffected.
Security experts from CrowdStrike and Eye Security raised concerns over the delay in Microsoft’s response. Several firms have reported that the attackers may already be lying dormant inside compromised networks. This echoes the 2021 Exchange Server breach, which also involved state-backed actors exploiting collaboration tools.
The US Cybersecurity and Infrastructure Security Agency added the exploited flaws to its high-priority patch list. It has directed federal agencies to install the latest fixes without delay. Analysts warn that over 8,000 servers might still remain exposed.
This cyberespionage campaign exposed vulnerabilities in Microsoft software and reignited the debate over how quickly technology giants address a disclosed threat.
As these Chinese hacking groups continue to expand their operations in cyberspace, this incident stands as a stark warning about the erosion of trust in software systems in an increasingly hostile digital environment.