Chinese threat actors exploited the ToolShell vulnerability in Microsoft SharePoint to access multiple international organizations, including government agencies and a telecom company. The attacks involved weaponized zero-day exploits, espionage tactics, and the deployment of various malicious tools. #ToolShell #CVE2025-53770
Key points
- Threat actors linked to China exploited the CVE-2025-53770 vulnerability in SharePoint servers.
- The attacks targeted government agencies, telecom companies, universities, and a finance organization across multiple continents.
- Multiple Chinese hacking groups, including Linen Typhoon, Violet Typhoon, and Salt Typhoon, were involved in weaponizing the flaw.
- Malware including KrustyLoader, Zingdoor, and ShadowPad was deployed, with payloads delivered by techniques such as DLL side-loading.
- The campaign aimed at credential theft, establishing stealthy access, and espionage activities against different organizations worldwide.
Read More: https://thehackernews.com/2025/10/chinese-threat-actors-exploit-toolshell.html