Microsoft has disclosed that hackers from several Chinese groups, including the state-backed Linen Typhoon and Violet Typhoon as well as the China-based Storm-2603, have successfully compromised on-premises SharePoint document servers. The breaches have raised alarms because sensitive business data belonging to the affected organizations is now at risk.
The intrusions exploited vulnerabilities specific to the on-premises version of SharePoint, which many enterprises run. The cloud-based SharePoint service is not affected, according to Microsoft. The company has responded by releasing security updates and strongly urges every organization running on-premises SharePoint to apply the patches immediately.
In a statement, Microsoft expressed "high confidence" that the threat actors will continue to target systems that have not yet been secured. It is also actively investigating reports of other cybercriminals potentially capitalizing on the same vulnerabilities. As part of the compromise, hackers were able to send malicious requests to SharePoint servers, facilitating the theft of critical cryptographic materials.
Mandiant Consulting's Chief Technology Officer, Charles Carmakal, verified that there are numerous victims across different sectors globally, with a primary focus on government and corporate entities using SharePoint. He emphasized the significant breadth of these attacks, noting that adversaries managed to maintain ongoing access to compromised data before a patch became available.
Carmakal highlighted that Linen Typhoon's focus has been on intellectual property theft, targeting organizations involved in government, defense, strategic planning, and human rights. Similarly, Violet Typhoon specializes in espionage efforts aimed at past military personnel, NGOs, think tanks, educational institutions, and various sectors in the US and internationally. Meanwhile, Storm-2603's activities are assessed with medium confidence as being linked to China-based threat actors.
As the investigation continues, Microsoft is committed to updating its blog with more details regarding the cyber incidents and further precautions for its users.