Microsoft Warns SharePoint Hackers Now Deploying Ransomware Amid Widening U.S. Agency Breaches
A Microsoft blog post released on Wednesday revealed that a hacker group identified as “Storm-2603” has begun using a previously exploited vulnerability in Microsoft SharePoint Server to launch ransomware attacks. Originally part of a cyber-espionage campaign, the attackers are now paralyzing victims’ systems and demanding payment in digital currency, marking a troubling escalation from simple data theft to operational disruption.
According to Eye Security, a cybersecurity firm based in the Netherlands, the number of affected organizations has surged to at least 400, a dramatic increase from the 100 reported just days ago. The actual number may be even higher due to the lack of digital traces in some cases. Vaisha Bernard, chief hacker at Eye Security, warned that many compromised systems could go undetected without visible attack artifacts.
The National Institutes of Health (NIH) confirmed that one of its servers was compromised, with additional servers isolated as a precaution. Meanwhile, reports from outlets like the Washington Post, NextGov, and Politico suggest the breach has extended to other U.S. government agencies, including the Department of Homeland Security (DHS) and potentially up to a dozen more.
This wave of cyberattacks began after Microsoft failed to fully patch a vulnerability in its SharePoint server software. The incomplete fix triggered a rush among organizations to secure their systems, but attackers exploited the delay. While Microsoft and Google have attributed some activity to Chinese state-backed actors, Beijing has denied any involvement.
Neither Microsoft nor CISA, the cyber defense branch of DHS, have offered further details on the ransomware incidents or the extent of government exposure. The campaign’s evolution from espionage to ransomware highlights the growing complexity and danger of state-aligned and financially motivated cyber threats targeting critical digital infrastructure.
Source: Reuters