All articles tagged with #storm 2603
Microsoft reports that the threat group Storm-2603, suspected to be China-based, is exploiting SharePoint vulnerabilities (CVE-2025-49706 and CVE-2025-49704) to deploy Warlock ransomware, using web shells, credential harvesting, and lateral movement techniques. Users are advised to update SharePoint, apply security patches, and implement security best practices to mitigate the threat.
A China-based hacking group, Storm-2603, is exploiting vulnerabilities in Microsoft SharePoint servers to deploy Warlock ransomware, affecting over 420 servers globally and targeting various U.S. government agencies and organizations, with Microsoft urging immediate security updates.
Microsoft has linked recent exploits of SharePoint Server vulnerabilities to three Chinese hacker groups—Linen Typhoon, Violet Typhoon, and Storm-2603—who are leveraging these flaws to gain unauthorized access and deploy web shells, with ongoing risks for unpatched on-premises SharePoint systems. The company urges immediate security updates and mitigations to prevent further attacks.