Microsoft says Chinese hacking groups exploited SharePoint vulnerability in attacks
Key Takeaways
Two Chinese nation-state actors and one China-based threat actor have tried to exploit the vulnerability for weeks, Microsoft said.
Article Overview
Quick insights and key information
3 min read
Estimated completion
investment
Article classification
July 22, 2025
03:31 PM
CNBC
Original publisher
Microsoft said three hacking groups tied to China have exploited a vulnerability affecting some versions of its Point collaboration software
Additionally, Point enables people inside organizations to access internal files (this bears monitoring)
However, Attackers in China also sought to exploit a vulnerability in Microsoft's Exchange Server and calendar software four years ago, considering recent developments
In this articleMSFT your favorite stocksCREATE FREE ACCOUNTMicrosoft CEO Satya Nadella speaks during an event commemorating the 50th anniversary of the company at Microsoft headquarters in Redmond, Washington, on April 4, 2025 (noteworthy indeed)
However, Additionally, Microsoft Corp. , determined to hold its ground in artificial intelligence, will soon let consumers tailor the Copilot digital assistant to their own needs
David Ryder | Bloomberg | Getty ImagesMicrosoft on Tuesday said Chinese hacking groups were part of the recent attacks on its Point collaboration software
As early as July 7, the Chinese nation-state actors it calls Linen Typhoon and Violet Typhoon have been trying to exploit the vulnerability, as has a China-based actor called Storm-2603, Microsoft said in a Tuesday blog post (quite telling)
On the other hand, On Monday, Charles Carmakal, nology chief of the Google-owned Mandiant cybersecurity consulting group, said in a LinkedIn post that "we assess that at least one of the actors responsible for the early exploitation is a China-nexus threat actor. "On Sunday, the U, in today's financial world
Cybersecurity and Infrastructure Security Agency said it was "aware of active exploitation" of the vulnerability, and Microsoft rolled out patches for two versions of its on-premises Point releases, in today's financial world
Additionally, The software company issued a fix for a third version on Monday
Nevertheless, Point is a key component of Microsoft's widely used Office ductivity software, enabling many people inside organizations to access internal files
Firms scramble to secure rare-earth magnets — imports from China surge 660%Figma IPO could value design software maker at $16 billionMicrosoft hit with Point attack affecting global es and governmentsNvidia CEO Jensen Huang sells an additional $12
Furthermore, However, 94 million worth of sLast year, Microsoft CEO Satya Nadella made cybersecurity a top priority after a U
Government report criticized the company's handling of China's breach of U
On the other hand, Government officials' accounts
Moreover, Last week, the company said it would stop relying on engineers based in China to support the Pentagon's use of cloud services, after a media report suggested that the architecture could have led to China-sponsored attacks against the U
In contrast, Defense arm, given the current landscape
In 2021, attackers affiliated with the Chinese nation-state group known as Hafnium targeted a different piece of Office software, Exchange Server, which vides mail and calendar services, in light of current trends
Moreover, WATCH: Clode: Cybersecurity budgets won’t be the ones getting cutwatch now2:5702:57Clode: Cybersecurity budgets won’t be the ones getting cutWorldwide Exchange.
Related Articles
More insights from FinancialBooklet