Security Stop-Press: Chinese Hackers Exploit SharePoint Flaws



Written by Pronetic

Pronetic is a leading provider of core IT support for ISO 27001, Cyber Essentials and Cyber Essentials Plus compliance.



July 30, 2025

Microsoft has confirmed that Chinese state-linked hackers are exploiting critical flaws in on-premises SharePoint servers to steal data and deploy ransomware.

The groups, known as Linen Typhoon, Violet Typhoon, and Storm-2603, are targeting government, defence, and business organisations by abusing spoofing and remote code execution vulnerabilities. Cloud-based SharePoint systems are not affected.

Victims have been reported across multiple sectors and countries, including the UK. Microsoft says the attacks allow hackers to steal credentials, disable security tools, and spread ransomware such as Warlock.

Storm-2603, a China-based group, has been observed using a malicious script called spinstall0.aspx to gain access and escalate privileges inside networks. Microsoft has warned that more attackers are likely to adopt these methods.

To stay secure, businesses using on-prem SharePoint must install Microsoft’s latest security updates, rotate ASP.NET machine keys, enable AMSI protection, and use advanced endpoint detection tools to block post-exploit activity.

← Prev: Sustainability-In-Tech : New AI Factory Powered By Renewable Energy in Arctic Company Check - WeTransfer Under Fire Over New Data Terms →

Why Your Business Needs to Upgrade to Windows 11 Before Windows 10 Ends

Sep 17, 2025

Have you heard the news? Microsoft will officially end support for Windows 10 on 14th October 2025. That’s just around...

Featured Article : Sainsbury’s Facial Recognition Combats Shoplifting

Sep 10, 2025

Sainsbury’s has begun testing facial recognition technology in selected stores to identify repeat offenders and reduce...

Tech Insight : Government Trial Shows No CoPilot Productivity Boost

Sep 10, 2025

A three-month evaluation of Microsoft’s M365 Copilot AI assistant in a key UK department found mixed results and few...

0 Comments

Submit a Comment Cancel reply

Why Choose Pronetic

We Are ISO 27001 & Cyber Essentials Plus Certified

Be reassured that we have been externally audited. You can have complete peace of mind that the team managing your IT systems and safeguarding your data are independently vetted annually.

Seamless & Comprehensive IT Support

Our investment in people, tools and processes, continuously improved, ensures that we don’t just deliver exceptional I.T. support but include your compliance to Cyber Essentials or ISO 27001 “baked-in”. Yes, that means no more annual headaches and stress when your certification comes round.

Expert Support Money Back Guarantee

We're confident in the value we deliver. That's why we offer a 90-day, no-quibble money-back guarantee. If, for any reason, you're not completely satisfied with our IT support services, we'll provide a full refund and cancel your contract without any hassle.

Book Your Free IT Strategy Call Now!

Simply Fill In The Form Below To Receive Your Free IT Strategy Call:

By submitting this form, you consent to us using your personal information to contact you. For more information please see our privacy policy.

Portsmouth: 023 9200 9806

info@pronetic.co.uk

Mon - Fri: 8.00 am - 6.00 pm

Have a question?