
Chinese Threat Groups Exploit Zero-Day Vulnerabilities in Microsoft SharePoint
Chinese-linked threat groups, identified as Linen Typhoon, Violet Typhoon, and Storm-2603, have initiated a series of zero-day attacks targeting Microsoft SharePoint. These attacks, which began over the weekend, exploit previously unknown vulnerabilities in SharePoint, allowing attackers to compromise targeted systems. While the specific impacts of these attacks remain undisclosed, the involvement of multiple threat groups suggests a coordinated effort or a shared exploitation method.

The use of zero-day vulnerabilities underscores the critical need for robust threat detection and response mechanisms: because these vulnerabilities are unpatched, they can lead to significant unauthorized access and data breaches. State-sponsored groups are increasingly targeting enterprise software, which highlights the importance of continuous monitoring, threat intelligence sharing, and rapid incident response. Organizations should prioritize network segmentation, anomaly detection, and vendor coordination to mitigate the risks posed by such advanced threats.