

Ethical Hacking News

Microsoft SharePoint ToolShell Attacks Linked to Chinese Hackers: A Looming Threat to Global Security


Chinese hackers have launched a wave of attacks targeting Microsoft SharePoint, exploiting zero-day vulnerabilities to breach dozens of organizations worldwide. The attacks, dubbed "ToolShell," have left many scrambling to patch their systems, as Microsoft releases emergency patches for impacted versions of SharePoint.

  • Dozens of organizations worldwide have been breached by a group of hackers linked to the Chinese government.
  • The attacks, dubbed "ToolShell," exploited two previously unknown vulnerabilities in Microsoft SharePoint: CVE-2025-49706 and CVE-2025-49704.
  • At least 54 organizations were confirmed to have been breached by the attackers, who gained unauthenticated access to systems and executed code over the network.
  • The attacks highlighted the need for organizations to stay vigilant and prioritize their cybersecurity posture in response to emerging threats.



    Microsoft SharePoint, a popular collaboration platform used by organizations worldwide, has been targeted by a group of hackers linked to the Chinese government. In a recent wave of attacks, threat actors have exploited zero-day vulnerabilities in Microsoft SharePoint, compromising dozens of organizations globally.

    The attacks, dubbed "ToolShell" by cybersecurity experts, took advantage of two previously unknown vulnerabilities in Microsoft SharePoint: CVE-2025-49706 and CVE-2025-49704. The exploits were first spotted by Dutch cybersecurity firm Eye Security on Friday, with the company confirming that at least 54 organizations had been breached.

    The attackers used the exploit chain to gain unauthenticated access to systems, enabling malicious actors to fully access SharePoint content, including file systems and internal configurations, and execute code over the network. The attacks have left many organizations scrambling to patch their systems, as Microsoft has only recently released emergency patches for impacted versions of SharePoint.

    According to Charles Carmakal, CTO of Google Cloud's Mandiant Consulting, "We assess that at least one of the actors responsible for this early exploitation is a China-nexus threat actor. It's critical to understand that multiple actors are now actively exploiting this vulnerability."

    Carmakal further noted that "We fully anticipate that this trend will continue, as various other threat actors, driven by diverse motivations, will leverage this exploit as well."

    The attacks have raised concerns about the global security landscape, as Chinese hackers have been linked to several high-profile breaches in recent months. The incident highlights the ever-evolving nature of cybersecurity threats and the need for organizations to stay vigilant.

    In response to the outbreak, Microsoft has released emergency patches for affected versions of SharePoint, as well as new CVE IDs for zero-days used by threat actors to compromise fully patched SharePoint servers. Additionally, CISA (Cybersecurity and Infrastructure Security Agency) has added the CVE-2025-53770 remote code execution vulnerability to its Known Exploited Vulnerabilities catalog.

    The incident serves as a stark reminder of the importance of timely patching and the need for organizations to prioritize their cybersecurity posture. As threat actors continue to adapt and exploit new vulnerabilities, it is crucial that organizations stay proactive in protecting themselves against emerging threats.

    The Pwn2Own hacking contest, which took place in Berlin earlier this year, also played a significant role in exposing the vulnerability. Researchers from Viettel Cyber Security demonstrated the exploits during the contest, highlighting the need for organizations to remain vigilant and take swift action against identified vulnerabilities.

    In conclusion, the ToolShell attacks linked to Chinese hackers serve as a stark reminder of the ever-evolving nature of cybersecurity threats. As threat actors continue to adapt and exploit new vulnerabilities, it is crucial that organizations prioritize their cybersecurity posture and stay proactive in protecting themselves against emerging threats.






  • Published: Tue Jul 22 07:27:28 2025 by llama3.2 3B Q4_K_M












