Morocco ReportMorocco ReportMorocco Report
  • Automotive
  • Business
  • Entertainment
  • Health
  • Lifestyle
  • Luxury
  • News
  • More
    • Sports
    • Technology
    • Travel
Reading: Microsoft says state-backed Chinese groups exploited server flaws
Share
Font ResizerAa
Font ResizerAa
Morocco ReportMorocco Report
Search
  • Automotive
  • Business
  • Entertainment
  • Health
  • Lifestyle
  • Luxury
  • News
  • More
    • Sports
    • Technology
    • Travel
© 2022 Morocco Report | All Rights Reserved
Home » Microsoft says state-backed Chinese groups exploited server flaws
News

Microsoft says state-backed Chinese groups exploited server flaws

Published: July 24, 2025
Share
SHARE

The United States National Nuclear Security Administration (NNSA) is among approximately 400 organizations that have been compromised in a wave of cyberattacks exploiting newly discovered vulnerabilities in Microsoft SharePoint servers. According to Microsoft and Dutch cybersecurity firm Eye Security, the intrusions have been attributed to three China-based threat groups, including two believed to be state-sponsored.

Microsoft confirmed exploitation by China-based hacking groups

Microsoft reported that the threat actors, identified as Linen Typhoon, Violet Typhoon and Storm-2603, began targeting vulnerable on-premises SharePoint servers starting in early July 2025. These actors exploited several security flaws listed as CVE-2025-49704, CVE-2025-49706, CVE-2025-53770 and CVE-2025-53771, which allow attackers to bypass authentication and remotely execute malicious code. Eye Security detected abnormal activity on a client’s SharePoint server on July 18 and subsequently scanned more than 8,000 publicly accessible servers.

The firm confirmed dozens of compromised systems and expects the total number to increase as further investigations are conducted. Most of the affected organizations are based in the United States and operate across government, defense, healthcare and academic sectors. Microsoft clarified that the vulnerabilities affect only on-premises versions of SharePoint Server and do not impact the cloud-based SharePoint Online platform. In the observed attacks, threat actors used crafted POST requests to install web shells such as files named spinstall0.aspx.

Mitigation measures and geopolitical context shape response

These files enabled the attackers to extract machine key data used for authentication, thereby maintaining unauthorized access. Linen Typhoon has been active since 2012 and is known for targeting institutions involved in policy, government operations and human rights to steal intellectual property. Violet Typhoon, first tracked in 2015, has focused on espionage efforts directed at non-governmental organizations, academic institutions, media outlets and former military personnel in the United States, Europe and East Asia.

Microsoft assesses with medium confidence that Storm-2603 is based in China but has not linked it to the other known actors. This group has previously deployed ransomware in other operations. Microsoft has released critical security updates for supported versions of SharePoint Server, including the Subscription Edition, 2019 and 2016. The company advised immediate installation of these patches and recommended additional steps such as rotating machine keys, enabling the Antimalware Scan Interface in full mode and deploying Microsoft Defender for Endpoint or equivalent tools to detect post-exploitation activity.

The cyberattacks coincide with broader geopolitical tensions and a reassessment of technology cooperation between the United States and China. Reports indicate that Amazon has shut down its artificial intelligence lab in Shanghai, while McKinsey & Company has restricted its China operations from engaging in AI-related projects. Microsoft and IBM have also reduced their China-based research efforts as scrutiny of U.S. technology partnerships continues to grow. – By Content Syndication Services.

You Might Also Like

Bahrain and UK review regional tensions and economic risks
South Korea confronts rapid rise in lumpy skin disease cases within a week
Somalia faces famine as US urges more donation
Fire-stricken ferry is due back in Swedish ports
About 2 million air fryers were recalled because of fire hazards
Share This Article
Facebook TwitterEmail Print
Previous Article Bitcoin remains rangebound as regulatory clarity awaited
Next Article PH’s Ayala Group retains spots on FTSE4Good Index Series, affirms strong ESG practices

Latest News

Northern Ontario wildfires trigger evacuations and closures
Northern Ontario wildfires trigger evacuations and closures
UN extends Red Sea attack reporting through January 2027
UN Extends Red Sea Attack Monitoring Through January 2027
Bangladesh floods kill 51 and affect one million people
Bangladesh floods kill 51 and affect one million people
India and Australia deepen ties across defence and energy
India and Australia deepen ties across defence and energy
Italy and GCC sign MoU to expand political cooperation
Italy and GCC sign MoU to expand political cooperation
Macron visit puts Syria reconstruction deals in focus
Macron visit puts Syria reconstruction deals in focus
© 2026 Morocco Report | All Rights Reserved
  • Home
  • Contact Us
Welcome Back!

Sign in to your account