Chinese hackers exploited a Microsoft SharePoint flaw to breach global organizations, using multiple malware types and techniques.
Chinese state-linked hackers exploited the unpatched Microsoft SharePoint vulnerability CVE-2025-53770, also known as ToolShell, to breach government agencies, telecom providers, universities, and financial institutions across North America, South America, Africa, and the Middle East.
The flaw, patched in July 2025, allowed remote code execution and was used as a zero-day before remediation.
Attackers deployed malware including Zingdoor, ShadowPad, and KrustyLoader, used DLL sideloading with legitimate tools, and leveraged living-off-the-land techniques to evade detection.
Multiple Chinese cyber groups, including Salt Typhoon, Linen Typhoon, and Violet Typhoon, were involved in a coordinated campaign, with evidence of collaboration and shared tools.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities catalog and urged immediate patching to mitigate ongoing risks.