Chinese hacking groups, including state-backed Linen Typhoon and Violet Typhoon, alongside the group Storm-2603, have successfully hacked Microsoft's SharePoint document software servers, compromising data from businesses utilizing the platform. Microsoft reported that these actors "exploited vulnerabilities" within on-premises SharePoint servers, while the company's cloud-based service remained unaffected. To mitigate risks, Microsoft has promptly rolled out security updates and urged all users of on-premises SharePoint servers to apply them immediately.

In an official statement, Microsoft expressed its "high confidence" in the likelihood of continued attempts by these hackers to target unprotected systems. Investigations into other potential attackers leveraging these exploits are still ongoing, indicating the severity of the situation.

The tech giant highlighted that hackers have targeted SharePoint by initiating requests that allowed the theft of key materials. Charles Carmakal, chief technology officer at Mandiant Consulting, noted that numerous victims from various sectors across the globe have been affected. He emphasized that government and business entities relying on SharePoint have been primarily in the crosshairs of these attacks.

Carmakal described the targeting as broad and opportunistic, and as occurring before the necessary security patches were available, which underscores its significance. He indicated that the methods employed by the “China-nexus actor” align closely with previous campaigns linked to Beijing.

Microsoft detailed that Linen Typhoon had been engaged in stealing intellectual property for over 13 years, particularly focusing on organizations involved in government, defense, strategic planning, and human rights. Meanwhile, Violet Typhoon is believed to be concentrating on espionage activities, specifically targeting former government and military personnel, NGOs, think tanks, academic institutions, media outlets, as well as the financial and healthcare sectors across the US, Europe, and East Asia.

Storm-2603 is assessed to pose a medium-level threat and is also considered a China-based actor. As Microsoft prepares for cuts to its workforce amid rising investments in AI, hackers continue to pose a significant challenge to its security protocols.