IIPLA News
Wednesday, July 23, 2025

China-Linked Hackers Target Microsoft SharePoint in Alarming Global IP Theft Campaign

adminanonymous access0 articles left this week
Chinese hacker working in governmental hacking room with Chinese flag

The two critical flaws, tracked as CVE-2025-53770 and CVE-2025-53771, were initially patched by Microsoft on July 8 with partial fixes, but a more comprehensive emergency patch had to be released on July 22 following ongoing exploitation and mounting pressure from cybersecurity watchdogs.

Security researchers from Mandiant, in collaboration with the U.S. Cybersecurity and Infrastructure Security Agency (CISA), reported that these vulnerabilities allowed attackers to execute remote code and install a malicious web shell disguised as a legitimate SharePoint file. This access enabled lateral movement within networks, theft of cryptographic MachineKeys, and persistent access—sometimes even surviving reboots and software updates.

What’s alarming is the nature and scope of these intrusions. Unlike random ransomware attacks, this campaign is surgical and focused, with a clear goal: stealing intellectual property and classified information. Linen Typhoon, for instance, has a long history of targeting defense contractors and aerospace firms. Violet Typhoon is known for going after think tanks, financial organizations, and universities engaged in cutting-edge research. Storm-2603, though less documented, is believed to have ransomware capabilities and may be evolving into an espionage tool for hire.

More than 54 organizations, including U.S. federal agencies, European tech firms, and research institutions in Asia, have already been identified as confirmed victims, though the true number may be much higher. Thousands of unpatched SharePoint servers remain vulnerable, making the threat both immediate and widespread.

Cybersecurity experts warn that even organizations who have already applied patches may still be at risk if attackers deployed backdoors or siphoned off credentials before the fixes. Microsoft and CISA have issued urgent guidance: isolate affected servers, rotate all cryptographic and authentication keys, and audit systems for unusual activity involving SharePoint.

Share This Article
Ready-to-post copy includes the article link.

China-Linked Hackers Target Microsoft SharePoint in Alarming Global IP Theft Campaign The two critical flaws, tracked as CVE-2025-53770 and CVE-2025-53771, were initially patched by Microsoft on July 8 with partial fixes, but a more comprehensive emergency patch had to be released on July 22 following... Read the full IIPLA article: https://iipla.org/news/china-hackers-sharepoint-ip-theft

Related Coverage

Continue in the newsroom

Back to newsroom
IP News

Purple Rain Co-Star Ends Apollonia Trademark Rights Suit

‘Purple Rain’ Co-Star Ends ‘Apollonia’ Trademark Rights Suit By Editorial Team Patty Apollonia Kotero, known for her role as Prince’s co-star in the iconic 1984 film “Purple Rain,” has decided to drop her lawsuit agai...

Thursday, April 9, 2026