Microsoft has issued a critical security alert following the discovery that multiple state-linked Chinese hacking groups are exploiting a newly identified zero-day vulnerability in its widely used SharePoint software, putting thousands of corporate and government systems at risk.
The vulnerability, designated CVE-2025-53770, affects self-hosted versions of SharePoint and allows attackers to steal private security keys and remotely install malware, potentially granting full control over affected networks.
Microsoft confirmed that the flaw was actively exploited before a security patch was available, classifying it as a zero-day exploit.
In a blog post published on Tuesday, July 22, Microsoft revealed that at least three Advanced Persistent Threat (APT) groups, believed to be backed by the Chinese government, have been actively exploiting the vulnerability since July 7. These groups include:
Microsoft disclosed that the hackers have been targeting unpatched SharePoint servers to access confidential data, plant persistent backdoors, and move laterally across internal systems.
“Organizations running self-hosted SharePoint servers should assume breach and initiate comprehensive forensic investigations,” the company warned in its statement.
It further cautioned that these malicious activities are likely to intensify:
“We assess with high confidence that threat actors will continue to integrate these exploits into their attacks against unpatched on-premises SharePoint systems.”
To counter the threat, Microsoft said it has released security updates covering all supported versions of SharePoint vulnerable to CVE-2025-53770 and a related bug, CVE-2025-53771. The company is urging users to apply these patches immediately to avoid compromise.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also flagged the flaw as dangerous, warning that it can allow hackers to access internal file systems, modify configurations, and execute malicious code remotely, effectively giving attackers administrative-level control over affected servers.
Cybersecurity analysts estimate that thousands of organizations — including government agencies, energy companies, universities, and private enterprises — could be vulnerable, especially those running outdated or unpatched SharePoint environments.
This incident echoes earlier high-profile attacks linked to Chinese actors, such as the 2021 mass breach of Microsoft Exchange email servers, which compromised the inboxes of over 60,000 organizations worldwide. That campaign was allegedly orchestrated by a Chinese state-backed group known as Hafnium, according to a U.S. Justice Department indictment that year.
While Beijing has frequently denied responsibility for such attacks, the increasing pattern of cyber incidents involving Chinese-linked actors continues to draw international concern.