Chinese hackers are exploiting a new vulnerability in Microsoft SharePoint to deploy ransomware, targeting government and private organizations worldwide. The Storm-2603 group is using Warlock ransomware in targeted attacks, raising global cybersecurity concerns. #Storm-2603 #WarlockRansomware
Keypoints
- Chinese hacker group Storm-2603 exploited CVE-2025-49706 to deploy ransomware via SharePoint vulnerabilities.
- The group is delivering Warlock ransomware and has disabled Microsoft Defender protections in infected environments.
- Victims include over 400 government and business organizations worldwide, with notable breaches in the US.
- Federal agencies such as NNSA and DHS are working with partners to assess and mitigate the impact of these attacks.
- Targeted countries include Germany, Italy, and the United States, with high-value government institutions being primary targets.
Read More: https://therecord.media/microsoft-says-warlock-ransomware-deployed-in-sharepoint-attacks