Chinese Hackers Breach Over 100 Organizations via SharePoint

Chinese Hackers Breach Over 100 Organizations via SharePoint

I
Inspirepreneur Team
Jul 23, 2025 1:00 PM IST
Category Asia
microsoft sharepoint

Synopsis

Massive Cyberattack on Over 100 Organizations Globally Over 100 organizations globally have been hit by a targeted cyberattack that took advantage of a critical vulnerability in Microsoft's SharePoint servers. Microsoft had acknowledged the breach…

01
Chapter one

Massive Cyberattack on Over 100 Organizations Globally

Over 100 organizations globally have been hit by a targeted cyberattack that took advantage of a critical vulnerability in Microsoft's SharePoint servers. Microsoft had acknowledged the breach on Tuesday, identifying several Chinese-affiliated hacker groups behind the attack, which has impacted companies, universities, and government agencies in nations such as the United States and Germany.

The intrusion allegedly started as early as July 7, with cybersecurity professionals noting that the attackers possibly had weeks of unmonitored access to critical systems. Microsoft named the groups as Linen Typhoon, Violet Typhoon, and Storm-2603 — all which have previously been involved in cyber espionage operations attributed to China.

02
Chapter two

Flaw Was Known for Months, But the Patch Didn't Hold

The SharePoint bug was initially found in May at a Berlin hacking competition, where a researcher was rewarded $100,000 to report the bug. Yet, even after Microsoft released a patch in July, security companies claim it wasn't sufficient. Hackers discovered means to circumvent the patch and continued to exploit the vulnerability.

Security firm Sophos said the bug was exploited to steal cryptographic keys and obtain permanent access even after patches had been rolled out. The attack spiked on July 18 and 19, infecting key industries such as telecommunications, software, and government.

The US Cybersecurity and Infrastructure Security Agency has subsequently included the SharePoint vulnerability in its catalog of known exploited vulnerabilities, instructing federal agencies to immediately patch their systems.

03
Chapter three

Who's Behind the Attack and What They Want

Among the actors involved, Linen Typhoon is most famous for attacking government and defense organizations to steal intellectual property. Violet Typhoon was seen spying on NGOs and retired military personnel in the past. Storm-2603 is less well-known but has used ransomware tools in the past.

Experts believe these attackers could remain undetected in systems for months before deploying additional defenses. A former FBI official, Cynthia Kaiser, warned that "The real threat may just be beginning." Microsoft has now issued more detailed security updates and is cooperating with affected groups to limit the damage.


Stay informed. Stay inspired. Subscribe to Inspirepreneur Magazine’s Newsletter for the latest developments on global conflicts, leadership insights, and strategic innovations shaping tomorrow’s world.

I
Written by Inspirepreneur Team

At Inspirepreneurs Magazine, covering entrepreneurship, business failures, and the human stories behind the world's most ambitious founders. She writes at the intersection of strategy and storytelling.