<img height="1" width="1" style="display: none" alt="" src="https://px.ads.linkedin.com/collect/?pid=1098858&amp;fmt=gif">

Chinese Hackers Hit 400+ Organizations in Massive SharePoint Attack, Federal Agencies Compromised

Chinese hackers exploited Microsoft SharePoint zero-days, hitting 400+ organizations including US federal agencies. Ransomware, espionage, and emergency patches detailed.
Content Team
By Content Team
Last updated:

Over 400 organizations worldwide fell victim to Chinese hackers exploiting zero-day vulnerabilities in Microsoft SharePoint servers, including the Departments of Energy, Homeland Security, and Health and Human Services. The attack began Friday using the "ToolShell" exploit that bypasses multi-factor authentication.

Three Chinese threat groups are involved: Storm-2603 deployed Warlock ransomware starting July 18, while government-affiliated Linen Typhoon and Violet Typhoon focused on stealing intellectual property and espionage. Microsoft released emergency patches Monday, but nearly 11,000 SharePoint instances remained exposed Wednesday. Federal agencies report no confirmed data breaches so far, though investigations continue.

Source: CyberScoop
Share this article
Share on facebook Share on linkedin Share on twitter Share on email
blog_book_a_demo_cta_3x
Have questions about protecting your software?
Our escrow experts are standing by to help.
Book a free demo
YOU MAY ALSO LIKE
Cyberattacks
Pro-Ukraine Hackers Disrupt Aeroflot, Canceling Dozens of Flights
Jul 30, 2025
Vulnerabilities
Chinese Hackers Exploit VMware Flaws to Break Into Isolated Networks
Jul 31, 2025
Data breaches
Hackers Use 250+ Fake Korean Apps to Steal Data and Blackmail Victims
Jul 31, 2025
Vulnerabilities
CISA Warns of Critical Security Flaws in Major Industrial and Medical Devices
Jul 30, 2025