A China-based hacking group named Storm-2603 is exploiting vulnerabilities in Microsoft SharePoint servers to deploy Warlock ransomware, targeting systems worldwide. Authorities emphasize the importance of immediate security updates to mitigate these ongoing attacks.
Key points
- Storm-2603 exploits the recently patched ToolShell zero-day vulnerabilities to launch ransomware attacks on SharePoint servers.
- Over 420 vulnerable SharePoint servers are currently exposed online, according to Shadowserver.
- Attackers use tools like Mimikatz, PsExec, and WMI to move laterally and deploy Warlock ransomware across networks.
- Multiple US agencies, including the Department of Energy and NIH, have been compromised in these attacks.
- Microsoft and cybersecurity experts advise immediate patching and following detailed mitigation guidance to prevent infection.