Ransomware escalates Microsoft SharePoint cyberattack, hundreds of organisations impacted

A concerning development has emerged from a cyber-espionage campaign that exploits vulnerabilities in outdated Microsoft SharePoint server software. Microsoft has reported that the hacking group known as "Storm-2603" has escalated its operations by introducing ransomware into the mix, transforming what was initially a surveillance tactic into a destructive threat. In a recent blog post, Microsoft detailed how this notorious group has shifted its approach, now using the same vulnerability to deploy ransomware that locks down networks and demands cryptocurrency ransoms for restoration. Dutch cybersecurity firm Eye Security revealed that at least 400 organizations have already fallen victim to this attack, a significant rise from the 100 victims identified just days ago. Vaisha Bernard, the chief hacker at Eye Security, noted that the true number is likely much higher, as not all attack vectors have left detectable traces. This shift from traditional espionage methods to a more aggressive ransomware strategy has raised alarms, with the impact now extending beyond private sector companies to include critical U.S. government institutions. A representative from the National Institutes of Health confirmed that one of its servers had been compromised, stating that additional servers were isolated as a precautionary measure. Reports from NextGov and Politico indicate that several federal agencies, including the Department of Homeland Security, may also have been affected by this campaign. However, as of now, the cybersecurity unit of DHS, CISA, has not commented on the situation. The wave of attacks began following Microsoft's failure to fully patch a known security flaw in its SharePoint software, prompting urgent action from IT administrators globally to secure their systems. While Microsoft has not yet provided detailed information regarding the full extent of the ransomware threat or the identities of all affected organizations, both Microsoft and Alphabet, Google's parent company, have linked the attacks to Chinese state-backed hackers, a claim that the Chinese government has denied.