China Behind Global Cyberattack Exploiting Microsoft SharePoint: US Agencies Among 100+ Targets
A massive cyberattack uncovered this week is linked to Chinese state-sponsored hackers. They targeted a critical Microsoft SharePoint vulnerability to breach over 100 organizations, including several U.S. government agencies, global corporations, and infrastructure operators. The breach, revealed on July 22, 2025, is regarded as one of the most sophisticated cyber-espionage operations in recent years.
The attackers took advantage of a zero-day vulnerability (CVE‑2025‑53770) in on-premises Microsoft SharePoint servers. This allowed them to access sensitive systems remotely. Reports from cybersecurity firms, along with confirmations from Microsoft, showed that the vulnerability permitted remote code execution (RCE). This gave the hackers control over entire server environments. The breach went undetected for months. Evidence indicates that the exploitation started as early as May 2025.
Microsoft and U.S. federal investigators have linked the attack to China-related Advanced Persistent Threat (APT) groups, naming APT31 and APT40 as the primary suspects. These groups have a history of carrying out global cyber-espionage campaigns for the Chinese government.
China has denied any involvement, describing the allegations as “baseless” and “politically motivated.”
Affected Entities
At least six U.S. federal agencies, along with many defense contractors, energy companies, and tech firms in Europe and Asia, have been impacted. Reports show:
- Infiltration of internal communications
- Extraction of confidential documents
- Tampering with server configurations
Technical Details: CVE‑2025‑53770
- Vulnerability Type: Remote Code Execution (RCE)
- Component Affected: Microsoft SharePoint (on-premises)
- Status: Emergency patch released by Microsoft
- Exploitation Window: ~May 2025 – July 2025
- Impact: Credential theft, system compromise, persistent access
Security researchers claim Microsoft was made aware of the flaw months earlier, raising concerns about delayed mitigation and enterprise risk. This incident resembles earlier nation-state attacks, including SolarWinds in 2020 and the Exchange Server hacks in 2021, but it affects a more cloud-based setup.
Global Reaction
Cybersecurity agencies from Germany, the UK, Japan, and Australia have issued similar warnings. Analysts warn that such breaches could destabilize diplomatic relationships, with espionage extending into critical infrastructure and defense systems.
This incident has reignited debates about cloud dependency, supply chain security, and the urgency of zero-trust architecture.
This cyberattack underscores the fragile nature of global digital systems in the face of state-sponsored cyberwarfare. As global tensions escalate, it’s vital for governments and corporations to reassess their digital defense posture and adopt proactive cybersecurity strategies.