
Chinese Hackers are Exploiting SharePoint Zero-Day, say Google and Microsoft

The bug, known officially as CVE-2025-53770 was discovered last weekend and allows hackers to steal sensitive private keys from self-hosted versions of SharePoint.


BY Donna Joseph

REDMOND, Wash., July 23, 2025 — The security teams at Google and Microsoft say they have evidence that Chinese hackers are exploiting a zero-day bug in Microsoft SharePoint.

According to security researchers at both companies, the evidence shows that China-backed hackers are actively exploiting the flaw.

The tech giants have sounded the alert, as companies around the world are in a fix trying to patch the flaw.

The bug, known officially as CVE-2025-53770, was discovered last weekend and allows hackers to steal sensitive private keys from self-hosted versions of SharePoint, a software server widely used by companies and organizations to store and share internal documents.

If an attacker succeeds in exploiting the bug, they can use it to remotely plant malware, gain access to the files and data stored on the server, and move on to other systems on the same network.

Two China-Backed Hacking Groups

Revealing details in a blog post on Tuesday, Microsoft said it had observed at least two previously identified China-backed hacking groups.

As per Microsoft, the groups “Linen Typhoon” and “Violet Typhoon” were tracked exploiting the SharePoint zero-day.

Linen Typhoon is focused on stealing intellectual property, while Violet Typhoon steals private information to be used for espionage, says Microsoft.

Microsoft also attributed ongoing exploitation to a third China-backed hacking group, which it tracks as “Storm-2603,” a group about which the company has less information.

However, the company said that the hackers have been linked to ransomware attacks in the past.

According to Microsoft, the three hacking groups were found exploiting the zero-day vulnerability to break into vulnerable SharePoint servers since July 7.

Hacking Incidents

Dozens of organizations have fallen prey to hackers, including entities across the government sector.

The bug is regarded as a zero-day because the vendor, Microsoft, had no time to issue a patch before the flaw was actively exploited.

Microsoft has since reportedly rolled out patches for all affected versions of SharePoint.

However, security researchers have warned that customers running self-hosted versions of SharePoint should assume those servers have already been compromised.

China Rebuts Allegations

Allegations of carrying out cyberattacks have for a long time been rebuffed by the Chinese government.

However, it has not always openly denied its involvement.

Liu Pengyu, a spokesperson for the Chinese Embassy in Washington, D.C., said in a statement that China “firmly opposes and combats all forms of cyberattacks and cybercrime, a position that is consistent and clear,” as reported by TechCrunch.

The latest campaign is not the first time China has been blamed for such intrusions in recent years. China-backed hackers were accused of targeting self-hosted Microsoft Exchange email servers in 2021 as part of a mass-hacking campaign.

According to a recent indictment issued by the Justice Department, two Chinese hackers have been accused of masterminding those breaches.

The so-called “Hafnium” hacks have reportedly compromised contact information and private mailboxes from more than 60,000 affected servers.

Big Sleep Hacking Attempt

Last week, Google said that it nipped a potential hacking attempt in the bud. The company stated that a large language model (LLM) it developed to find vulnerabilities recently discovered a bug that hackers were preparing to use.

Over the last year, ‘Big Sleep’ has emerged as a key asset in Google’s security team.

Google CEO Sundar Pichai announced that the company’s AI agent, ‘Big Sleep,’ successfully identified and thwarted a cyber exploit before it could be deployed.

Notably, this marks a first-of-its-kind achievement for Artificial Intelligence (AI) in threat prevention.

“New from our security teams: Our AI agent Big Sleep helped us detect and foil an imminent exploit. We believe this is a first for an AI agent, definitely not the last, giving cybersecurity defenders new tools to stop threats before they’re widespread,” Pichai posted on X.

Big Sleep is a tool developed by Google DeepMind and Project Zero to detect hidden security flaws.

The project, which evolved out of vulnerability research, is supported by LLM technology. In November last year, ‘Big Sleep’ found its first real-world bug. The process of locating bugs has continued unabated since then.


Inputs from Saqib Malik

Editing by David Ryder