Multiple China-based threat groups are exploiting vulnerabilities in SharePoint servers to gain access and conduct espionage or theft. Microsoft and cybersecurity experts warn that the attacks are widespread, sophisticated, and may continue even after patches are applied.
Key points
- Chinese nation-state groups Linen Typhoon and Violet Typhoon are actively targeting SharePoint servers using recent vulnerabilities.
- The attacks exploit the vulnerabilities CVE-2025-49706 and CVE-2025-49704, along with the related bypass bugs CVE-2025-53770 and CVE-2025-53771.
- Impact is significant among government, military, academic, and corporate organizations globally.
- Attacker motives include theft of intellectual property and espionage, with some groups using ransomware strains like Warlock and LockBit.
- Cybersecurity experts emphasize the importance of patching vulnerabilities promptly to prevent long-term access and data exfiltration.
Read More: https://therecord.media/microsoft-sharepoint-vulnerabilities-china-groups-exploiting