Chinese Hackers Exploit Microsoft Sharepoint 0-Day, Google Warns
The Wiretap is your weekly digest of cybersecurity, internet privacy and surveillance news. To get it in your inbox, subscribe here.
getty
In what’s one of the more significant series of cyberattacks in 2025, hackers are targeting a severe weakness in Microsoft’s Sharepoint software, which is used by its customers to build and manage shared files. Among the attackers, according to Google security researchers, is a Chinese-affiliated group.
Late last week, Microsoft said it was aware of attacks targeting its SharePoint customers who use the system on their own servers. Google said hackers were using the Sharepoint vulnerability to install malware on those servers, which enables them to steal data, including cryptographic keys protecting sensitive information.
Though Microsoft has said a fix is available for all affected customers, it’s likely many have yet to fully patch their systems. “It’s critical to understand that multiple actors are now actively exploiting this vulnerability,” said Charles Carmakal, CTO of Mandiant Consulting at Google Cloud. “We fully anticipate that this trend will continue, as various other threat actors, driven by diverse motivations, will leverage this exploit as well.”
Carmakal didn’t offer much details on which Chinese hackers were targeting the Sharepoint flaws. But according to the Washington Post, the system is commonly used by American federal and state agencies, making fixes that much more urgent.
Got a tip on surveillance or cybercrime? Get me on Signal at +1 929-512-7964.
THE BIG STORY:
Microsoft Used Chinese Engineers For Department of Defense Computers
(Photo by NOEL CELIS/AFP via Getty Images)
AFP via Getty Images
ProPublica has reported on a previously-unknown Microsoft program employing China-based coders to maintain Defense Department systems. The Chinese workers were monitored by low-paid, U.S.-based “digital escorts,” few of whom had the technical expertise to ensure the system’s integrity, the news site reported.
There are fears the program may have exposed intelligence to China. Microsoft has since shut the program down.
Stories You Have To Read Today
Google has filed a lawsuit (PDF) claiming 25 unidentified individuals are running the BadBox botnet, which has compromised as many as 10 million internet-connected TVs that use open source Android software. The tech giant has been given permission to stop the accused from operating certain domains they used to run the botnet.
Notting Hill Carnival is going to be using live facial recognition this August in an attempt to identify criminals attending the world-famous event. Privacy activists heavily criticized the move. “Plans to use this dangerous and discriminatory technology should be immediately scrapped,” said Big Brother Watch interim director Rebecca Vincent.
The U.K. government sanctioned three Russian spy units for their part in cyber operations and said it had identified malware developed by Kremlin hackers that had obtained “persistent endpoint access to Microsoft cloud accounts by blending in with legitimate activity.”
Winner of the Week
Exein, a cyber startup that’s created a “digital immune system” for connected devices, has announced a $80 million Series C funding round. Founded in Italy, its security tech is aimed at providers of so-called Internet-of-Things devices, from routers to smart TVs.
Loser of the Week
New Jersey man Navin Khanna has pleaded guilty to running a criminal enterprise that stole thousands of catalytic converters from vehicles and sold them on, making as much as $600 million in the process. Such converters are designed to reduce toxic pollutants from car exhausts. Khanna found he could sell them to a metal refinery that extracted precious metals to make his fortune.
More On Forbes