Microsoft Reports Ransomware Use by Some SharePoint Server Intruders
Rising Menace: SharePoint Server Hackers Now Employing Ransomware
Brief Overview
- Microsoft discloses ransomware use in active cyber-espionage operations.
- The Storm-2603 group is exploiting SharePoint server vulnerabilities.
- Over 400 victims identified, with additional cases likely.
- Ransomware disrupts networks and demands cryptocurrency payments.
- Unpatched security vulnerabilities in Microsoft SharePoint lie at the heart of the campaign.
- Chinese hackers are suspected, but Beijing denies any connection.
Intensifying Ransomware Operations
Microsoft has disclosed that a cyber-espionage group known as “Storm-2603” is now using ransomware in its operations against vulnerable SharePoint servers. This represents a notable escalation in the campaign, which has reportedly impacted at least 400 victims, according to Eye Security, a cybersecurity company based in the Netherlands.
Consequences and Reactions
In contrast to conventional state-sponsored cyber operations, which center on data theft, ransomware can cause significant disruption. The tally of affected organizations has surged from 100 to 400, and Eye Security indicated that this count may understate the true number because of unidentified attack paths. Vaisha Bernard, chief hacker at Eye Security, mentioned that various breaches may not produce obvious traces.
The National Institutes of Health is among those targeted, and server breaches have been confirmed. Preventive actions are being taken, which include the isolation of additional servers. The initial breach reports were published in the Washington Post.
Vulnerability and Exploitation
The campaign emerged after Microsoft’s incomplete fix for a critical security vulnerability in its SharePoint server software. This security gap triggered a scramble to deploy fixes. Both Microsoft and Alphabet, the parent company of Google, have said Chinese hackers are among those exploiting the flaw, although Beijing has denied any involvement.
Recap
To summarize, the cyber-espionage campaign against vulnerable SharePoint servers has escalated with the Storm-2603 group's adoption of ransomware. This development emphasizes the necessity of securing IT infrastructure and illustrates the complex dynamics of global cyber threats.