Microsoft Reports SharePoint Vulnerability Now Linked to Ransomware Attacks

Microsoft has announced that a known cyber-espionage campaign exploiting unpatched versions of its SharePoint server software has taken a more dangerous turn, now involving the use of ransomware.

In a blog update posted late Wednesday, the tech giant revealed that the hacking group it calls “Storm-2603” is using the existing SharePoint vulnerability to distribute ransomware — a malicious tool that encrypts systems or files, demanding payment in cryptocurrency for their release.

This shift signals a notable escalation in the scope of the campaign, which was initially focused on gathering intelligence and stealing data. Dutch cybersecurity company Eye Security reports that the number of compromised organizations has jumped to over 400 — a fourfold increase from the 100 confirmed earlier this week.

However, that figure could be significantly underestimated.

“There are likely many more victims, as not every intrusion leaves behind forensic evidence we can track,” explained Vaisha Bernard, chief hacker at Eye Security, which was among the first to detect signs of the attacks.

Most of the affected entities have not yet been named. Still, the National Institutes of Health (NIH) confirmed on Wednesday that one of its servers had been breached.

“We’ve isolated additional systems as a precaution,” said an NIH spokesperson. The incident was initially reported by The Washington Post.

Several media outlets suggest the breach could impact a broader set of U.S. government agencies. According to NextGov, citing multiple sources, the Department of Homeland Security (DHS) and between five and a dozen other federal organizations may also have been targeted.

Politico, referencing two unnamed U.S. officials, also reported that multiple government institutions were likely compromised during the campaign.

At this time, the Cybersecurity and Infrastructure Security Agency (CISA), which operates under DHS, has not responded to inquiries. Microsoft has also not provided further clarification regarding the ransomware aspect of the breach or which agencies may have been affected.

The attacks trace back to Microsoft’s incomplete patching of a critical SharePoint vulnerability. The flaw triggered a wave of exploitation efforts by various threat actors once it became publicly known.

Both Microsoft and Google’s parent company, Alphabet, have previously named Chinese-linked hacking groups as participants in exploiting the flaw. However, Chinese authorities have denied any involvement in the incidents.
