Microsoft SharePoint Vulnerabilities: Hackers Now Distributing Ransomware
Hundreds of organisations and government agencies have reportedly fallen victim to a significant espionage campaign attributed to Chinese state-sponsored hackers. This breach was facilitated by Microsoft’s failure to patch a vulnerability in its SharePoint software in May. Among the most alarming incidents was the recent breach of the United States National Nuclear Security Agency, which is responsible for managing the nation’s nuclear weapons stockpile. The ongoing exploitation of this flaw has raised serious concerns about national security and the integrity of sensitive information.
Microsoft has identified a specific group, referred to as Storm-2603, that is deploying ransomware while exploiting these vulnerabilities. This group is believed to be linked to the People’s Republic of China, although investigations into their exact affiliations are still underway. Microsoft has previously observed Storm-2603 using Warlock and LockBit ransomware, but the company has not yet been able to ascertain the group’s ultimate objectives. The emergence of ransomware in this context indicates a shift in the campaign’s focus, moving beyond mere espionage to potentially crippling operations through system encryption. Additionally, Microsoft has identified two other Chinese state threat actors, Linen Typhoon and Violet Typhoon, who are also exploiting the SharePoint vulnerabilities.