Straitstimes.com header logo

Microsoft says some SharePoint server hackers now use ransomware

Sign up now: Get ST's newsletters delivered to your inbox

Microsoft failed to fully patch a security hole in its SharePoint server software.

The spy campaign kicked off after Microsoft failed to fully patch a security hole in its SharePoint server software.

PHOTO: REUTERS

Follow topic:

WASHINGTON - A cyber-espionage campaign centred on vulnerable versions of

Microsoft’s server software

now involves the deployment of ransomware, Microsoft said in a blog post on July 23.

In the post, citing “expanded analysis and threat intelligence”, Microsoft said a group it dubs Storm-2603 is using the vulnerability to seed the ransomware, which typically works by paralysing victims’ networks until a digital currency payment is made.

The disclosure marks a potential escalation in the campaign, which has already hit at least 400 victims, according to Netherlands-based cyber security firm Eye Security. Unlike typical state-backed hacker campaigns, which are aimed at stealing data, ransomware can cause widespread disruption depending on where it lands.

The figure of 400 victims represents a sharp rise from the 100 organisations catalogued over the weekend. Eye Security says the figure is likely an undercount.

“There are many more, because not all attack vectors have left artefacts that we could scan for,” said Mr Vaisha Bernard, the chief hacker for Eye Security, which was among the first organisations to flag the breaches.

The details of most of the victim organisations have not yet been fully disclosed, but a representative for the National Institutes of Health confirmed on July 23 that one of the organisation’s servers had been compromised.

“Additional servers were isolated as a precaution,” he said. The news of the compromise was first reported by the Washington Post.

Other outlets said the hacking campaign had breached an even broader range of US agencies. NextGov, citing multiple people familiar with the matter, reported the Department of Homeland Security had been hit, along with more than five to 12 other agencies.

Politico, which cited two US officials, said multiple agencies were believed to have been breached.

DHS’ Cybersecurity and Infrastructure Security Agency (Cisa) did not immediately return a message seeking comment on the reports. Microsoft did not immediately return a message seeking further details on the ransomware angle of the hacking or the reported government victims.

The spy campaign kicked off after Microsoft failed to fully patch a security hole in its SharePoint server software, kicking off a scramble to fix the vulnerability when it was discovered.

Microsoft and its tech rival, Google owner Alphabet, have both said Chinese hackers are among those taking advantage of the flaw. Beijing has denied the claim. REUTERS

More on this topic
How China’s growing cyber-hacking capabilities have raised alarm around the world
Microsoft server hack has now hit 400 victims, researchers say
See more on

E-paper

Newsletters

Podcasts

RSS Feed

About Us

Terms & Conditions

Privacy Policy

Need help? Reach us here.

Advertise with us

Download the app

Get unlimited access to exclusive stories and incisive insights from the ST newsroom
Subscribe Placeholder
MDDI (P) 046/10/2025. Published by SPH Media Limited, Co. Regn. No.202120748H. Copyright © 2025 SPH Media Limited. All rights reserved.