It’s not just data theft. A China-based hacking group is using a flaw in vulnerable SharePoint servers to deliver ransomware, Microsoft warns.
The severe vulnerability in Microsoft’s SharePoint software is not only paving the way for data theft, but also ransomware attacks.
On Wednesday night, Microsoft issued an alert about a hacking group deploying the new “Warlock” ransomware after exploiting the flaw in SharePoint servers. Its investigation found that a China-based hacking group, called Storm-2603, began deploying the ransomware using the vulnerability starting last Friday — right as the security community became aware of the problem.
Not much is known about Storm-2603; Microsoft hasn’t been able to link its activities with other Chinese state-sponsored hackers, which typically focus on cyberespionage. But the company notes Storm-2603 has been exploiting the SharePoint flaw to try to steal “MachineKeys,” a folder that stores private keys to encrypt communications for computers and users.