Microsoft Warns SharePoint Server Flaw Now Being Used to Deploy Ransomware

Microsoft has revealed that a previously known cyber-espionage campaign targeting vulnerable versions of its SharePoint server software has evolved to include ransomware attacks.

In a blog post published late Wednesday, Microsoft shared updated threat intelligence showing that a hacking group it refers to as “Storm-2603” is now exploiting the SharePoint vulnerability to deliver ransomware. This type of malware typically encrypts a victim’s data or locks up systems until a ransom, usually in cryptocurrency, is paid.

This development marks a significant escalation in the campaign, which was originally focused on espionage and data theft. According to Dutch cybersecurity firm Eye Security, the number of affected organizations has surged to at least 400 — a dramatic increase from the 100 victims reported just days prior.

That number may still fall short of the true scale of the attacks.

“We expect the actual number is much higher because not all intrusions left behind digital traces that we can detect,” said Vaisha Bernard, chief hacker at Eye Security, one of the earliest groups to detect the breach activity.

So far, the full list of affected organizations has not been made public. However, the National Institutes of Health (NIH) confirmed Wednesday that one of its servers had been compromised.

“As a precautionary step, we’ve isolated additional servers,” said a spokesperson for NIH. The Washington Post was the first to report on NIH’s involvement.

Other media outlets reported that the breach may extend to a larger group of U.S. government agencies. According to NextGov, which cited multiple sources, the Department of Homeland Security (DHS) and at least five to a dozen other federal agencies may have also been targeted.

Politico, citing two unnamed U.S. officials, similarly reported that several government bodies are believed to have been compromised in the ongoing operation.

As of now, CISA (the Cybersecurity and Infrastructure Security Agency, part of DHS) has not responded to requests for comment. Microsoft also has not issued additional details about the ransomware deployment or the scope of affected government institutions.

The hacking campaign began after Microsoft failed to fully resolve a critical vulnerability in its SharePoint software, prompting a wave of exploitation from various threat actors.

Both Microsoft and Google’s parent company, Alphabet, have previously identified Chinese-linked hackers as participants in exploiting the flaw. China has denied any involvement in the attacks.
