The evolving SharePoint threat

- A campaign targeting vulnerable Microsoft SharePoint servers has escalated from cyber-espionage to deploying ransomware.
- This marks a significant shift in tactics, causing operational disruption for numerous organizations.
Microsoft has recently issued a warning about an escalating cyber-espionage campaign targeting vulnerable SharePoint servers. Initially focused on data theft, the operation has now added ransomware to its attack strategy. Microsoft attributes the ransomware deployment to a group it tracks as “Storm-2603”, which exploits the same known security flaw to drop the malware on compromised servers.
This change in tactics could lead to more severe consequences for compromised networks. The ransomware typically paralyzes a victim’s network until a payment is made in cryptocurrency, a departure from traditional state-backed campaigns that primarily seek to steal information.
Widespread Impact and High-Profile Victims
The number of organizations affected by the SharePoint vulnerability is substantial and continues to grow. According to Eye Security, a Dutch cybersecurity firm, at least 400 organizations have been compromised, up sharply from the roughly 100 it reported just a few days earlier.
The actual number of victims is likely much higher, as many attacks may not have left detectable traces. One of the confirmed victims is the U.S. National Institutes of Health, which reported that one of its servers was breached. In response, the organization isolated additional servers as a precaution against further attacks.
Other reports suggest that several U.S. government agencies, including the Department of Homeland Security, may also be among the victims. Both NextGov and Politico have cited sources indicating that multiple government bodies have been compromised.
CISA, the cyber-defense arm of DHS, has not officially commented on these reports. Similarly, Microsoft has not provided further details on the ransomware aspect of the attacks or on the identity of the government agencies allegedly affected.
The Origin of the Flaw
The campaign began after Microsoft’s fix for a known security vulnerability in its on-premises SharePoint Server software proved incomplete. The unpatched weakness gave attackers a way into exposed servers, leading to the current wave of attacks. Both Microsoft and Alphabet have previously indicated that Chinese hackers are among those exploiting the vulnerability.
This claim has been officially denied by Beijing. The combination of different motivations, from espionage to financial gain through ransomware, makes this campaign particularly complex and challenging to defend against.