Microsoft Flags Chinese Cyberattacks Exploiting SharePoint Vulnerability

Microsoft has disclosed that China-linked hacking groups have been exploiting a vulnerability in its SharePoint software since early July 2025. This exposure aligns with a history of Chinese cyber espionage attempts targeting Microsoft platforms, including a notable 2021 Exchange Server breach. U.S. cybersecurity agencies have issued alerts, and Microsoft has deployed patches in response. The incident highlights serious concerns about supply chain security, government and corporate cyber defenses, and broader national security implications amid sustained U.S.-China tech tensions.

Chinese State-Sponsored Hackers Target Microsoft SharePoint Flaw

Microsoft has revealed that several hacking groups linked to China have actively exploited a critical vulnerability in its widely used SharePoint collaboration software. This development highlights ongoing cybersecurity challenges for enterprise users and underscores persistent international cyber espionage threats.

Details of the Attack and Threat Actors

The tech giant reported that as early as July 7, 2025, three China-affiliated hacking groups — Linen Typhoon, Violet Typhoon, and the China-based Storm-2603 — have been probing and exploiting weaknesses in specific versions of SharePoint. These groups are believed to operate under the auspices of the Chinese state, aiming to infiltrate organizations through vulnerabilities in this core collaboration platform.

SharePoint is integral to Microsoft’s Office productivity suite, facilitating seamless file sharing and internal communications within businesses and governments worldwide. Exploiting it can provide attackers with wide-reaching access to sensitive data.

Early Warning and Cybersecurity Response

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a formal alert about active exploitation, signaling the urgency of patching vulnerable systems. Microsoft responded swiftly, releasing security patches for multiple on-premises versions of SharePoint, with fixes for Wave 3 versions arriving shortly after the initial announcement.

Charles Carmakal, Chief Technology Officer at Google-owned cybersecurity firm Mandiant, affirmed in a recent briefing that the threat actor involved has a direct nexus to China, underscoring the geopolitical dimension of this attack.

Context: A Pattern of Targeting Microsoft Software by Chinese Groups

This incident isn’t an isolated case. In 2021, a similar exploitation targeted Microsoft's Exchange Server email and calendar platform, compromising U.S. governmental email accounts. That breach drew significant criticism of both Microsoft and federal security protocols, prompting calls for stricter safeguards and transparency.

More recently, Microsoft CEO Satya Nadella has made bolstering cybersecurity against nation-state threats a top corporate objective, as tensions between the U.S. and China continue in the realms of technology and national security.

Broader Implications for U.S. National Security and Corporate Defense

The fact that Chinese state-backed actors can consistently probe foundational productivity tools raises urgent questions about supply chain security, software trustworthiness, and the resilience of corporate IT infrastructures.

  • For U.S. businesses and government agencies: Immediate patch management and cybersecurity vigilance are paramount.
  • For policymakers: This highlights the need to revisit policies on technology dependencies, cross-border software development, and the potential risks posed by foreign-based workforces.
  • For the public: Awareness of cyber risk in widely adopted technology platforms underscores the importance of digital hygiene.

Insights from Industry Experts

Cybersecurity specialists warn that vulnerabilities in collaboration platforms like SharePoint can serve as gateways to deeper network penetration, data exfiltration, or espionage. The blend of sophisticated tactics with geopolitical motivations suggests these attacks are part of broader intelligence-gathering campaigns rather than isolated hacks.

Furthermore, Microsoft’s decision to continue supporting Pentagon-related cloud services despite concerns over Chinese engineering involvement points to complex trade-offs between operational efficiency and cybersecurity assurance.

Editor’s Note

This unfolding story reveals the persistent and evolving nature of cyber threats from state-sponsored actors. As organizations increasingly rely on collaborative digital platforms, the stakes for security grow exponentially. It raises critical questions about how technology providers and governments must cooperate to safeguard the digital ecosystem, ensure transparency in software supply chains, and empower users to protect sensitive information.

Readers are encouraged to remain vigilant, apply recommended security updates promptly, and engage in ongoing dialogue regarding the intersection of technology, geopolitics, and cybersecurity.