T4K3.news

Storm-2603 targets SharePoint flaws

Microsoft warns that Warlock ransomware is spreading to over 400 victims via SharePoint vulnerabilities.

July 24, 2025 at 10:37 AM
Storm-2603 Exploits SharePoint Flaws to Deploy Warlock Ransomware on Unpatched Systems

More than 400 victims are affected by ransomware attacks exploiting SharePoint flaws.

Storm-2603 Uses SharePoint Vulnerabilities to Spread Warlock Ransomware

Microsoft has confirmed that the threat group known as Storm-2603 is behind the exploitation of vulnerabilities in SharePoint. These flaws allow the group to deploy Warlock ransomware on unpatched systems. The vulnerabilities being targeted include CVE-2025-49706 and CVE-2025-49704, which are related to spoofing and remote code execution. The attack begins with the use of a web shell payload, which grants attackers command execution capabilities. White House monitoring shows that this group, suspected to be based in China, has been previously known for using ransomware like LockBit. The attacks leverage various techniques, including credential harvesting using Mimikatz and lateral movement through the target’s network. Microsoft has urged users to improve their security measures, such as applying the latest updates and ensuring antivirus protections are in place. This advice comes amidst reports that over 400 organizations have already fallen victim to these attacks.

Key Takeaways

✔️ Storm-2603 is exploiting SharePoint vulnerabilities to deploy Warlock ransomware.
✔️ Over 400 organizations have already been attacked using these methods.
✔️ The vulnerabilities provide hackers with initial access to target networks.
✔️ Credential harvesting and lateral movement are common tactics used by attackers.
✔️ Microsoft emphasizes the importance of regular updates and security protocols.
✔️ Cybersecurity experts warn of a rise in similar exploitation tactics among cybercriminals.

"Cybersecurity is a common challenge faced by all countries and should be addressed jointly through dialogue and cooperation."

A statement from China's Foreign Ministry highlights the international dimension of cybersecurity threats.

"Storm-2603 is then observed modifying Group Policy Objects to distribute Warlock ransomware."

This illustrates the advanced techniques used by the attackers to ensure the spread of their malware.

The ongoing exploitation of SharePoint vulnerabilities highlights a growing trend in cyberattacks where threat actors utilize well-known software flaws to carry out ransomware campaigns. The involvement of groups like Storm-2603 and their ties to state-sponsored actors raise concerns about the sophistication and resources that these entities possess. As the attacks continue, there is a pressing need for organizations to prioritize cybersecurity measures, especially for widely used platforms like SharePoint, to mitigate risks. The global ramifications of these activities cannot be overstated, as they challenge both corporate interests and national security.

Highlights

  • Cybersecurity breaches can have massive repercussions for organizations.
  • Staying updated is not just a choice but a necessity in today's digital landscape.
  • Ignoring vulnerabilities is an invitation to disaster for any organization.
  • The line between financial crime and state-sponsored hacking is increasingly blurred.

High Risk of Cyber Threats

The ongoing exploitation of vulnerabilities poses significant risks to organizations relying on SharePoint, potentially leading to severe financial losses and data breaches.

The implications of these attacks underscore the need for vigilance against evolving cyber threats.
