
"It now appears other Beijing crews - including Salt Typhoon, which famously hacked America's major telecommunications firms and stole information belonging to nearly every American - also joined in the attacks. On Wednesday, the Symantec and Carbon Black threat hunters said China-based attackers using malware linked to Salt Typhoon abused ToolShell to break into a Middle East telecom company and two African government departments shortly after the vulnerability was patched."
"In July, Microsoft patched the so-called ToolShell vulnerability (CVE-2025-53770), a critical remote code execution bug in on-premises SharePoint servers. But before Redmond fixed the flaw, Chinese attackers found and exploited it as a zero-day, compromising more than 400 organizations, including the US Energy Department. At the time, Microsoft attributed the break-ins to three China-based groups. These included two government-backed groups: Linen Typhoon (aka Emissary Panda, APT27), which typically steals intellectual property."
Multiple China-based threat groups exploited the ToolShell vulnerability (CVE-2025-53770) in on-premises Microsoft SharePoint servers as a zero-day, compromising over 400 organizations including the US Energy Department. Microsoft linked initial intrusions to three China-based groups: government-backed Linen Typhoon (Emissary Panda, APT27) and Violet Typhoon (Zirconium, APT31), plus suspected criminal Storm-2603 using Warlock ransomware. Additional Beijing crews, including Salt Typhoon, also abused the flaw to target a Middle East telecom, two African government departments, government agencies, a university, and a finance company. Symantec and Carbon Black uncovered more victims and malware tools, including use of the Zingdoor HTTP backdoor written in Go.
Read at Theregister