Microsoft identified a zero-day vulnerability in SharePoint, called 'ToolShell', being exploited by hackers to distribute ransomware. Following its discovery, Microsoft issued a patch covering all supported versions. Eye Security reported that around 400 SharePoint servers were compromised out of 23,000 scanned. Government agencies in the US were notably affected, while UK incidents remained limited. A hacking group, Storm-2603, linked to ransomware deployment, continues to exploit this vulnerability, amplifying the threat until users install necessary patches.
Microsoft has warned that hackers are exploiting a zero-day SharePoint flaw, named 'ToolShell', to spread ransomware, significantly increasing the risk associated with this vulnerability.
At least 400 SharePoint servers were compromised out of 23,000 scanned, affecting various organizations including US government agencies, though limited incidents were reported in the UK.
Current monitoring reveals that the hacking group Storm-2603 is using the SharePoint flaw to deploy Warlock ransomware, pointing to a worrying trend in attack patterns.
Microsoft has expressed confidence that hackers will continue to target unpatched SharePoint systems until they are fully updated, highlighting a serious ongoing security challenge.
Collection
[
|
...
]