Microsoft warns of ransomware surge in SharePoint server attacks linked to Chinese hackers


Time of India, 24-07-2025
Microsoft Sharepoint zero-day vulnerability
Microsoft has issued a warning to organisations that are using on-premises SharePoint servers. The tech giant has confirmed that hackers are exploiting vulnerabilities in its on-premises SharePoint servers to deploy ransomware. The Microsoft Threat Intelligence team has identified a specific actor, designated Storm-2603, as being responsible for these new ransomware campaigns. Earlier, the exploitation of SharePoint vulnerabilities led to data exfiltration, but the latest observations suggest financially motivated attacks leveraging the Warlock ransomware. Hackers are using the Warlock ransomware to paralyze networks and demand cryptocurrency payments.
How the attack works
In an updated blog post, Microsoft explains that the attack starts with the exploitation of an internet-facing on-premises SharePoint server. This initial breach grants Storm-2603 access to the environment, often facilitated by a payload named spinstall0.aspx. Once the hackers gain access, they move ahead and deploy ransomware.
Microsoft has confirmed that SharePoint Online is not affected, but on-premises versions—including SharePoint 2016, 2019, and Subscription Edition—remain vulnerable if not patched.
Three Chinese state-sponsored groups behind global attack
Microsoft identified three China-linked groups—Linen Typhoon, Violet Typhoon, and Storm-2603—as exploiting critical vulnerabilities in SharePoint servers that rendered customers running the software on their own networks vulnerable to attack. The breaches affected organizations across multiple sectors, including government agencies, energy companies, consulting firms, and universities spanning from the US to Europe and the Middle East.
No sensitive or classified information was reportedly compromised in the National Nuclear Security Administration breach, according to sources familiar with the matter. The semiautonomous Energy Department arm responsible for producing and dismantling nuclear weapons was targeted alongside other federal agencies including the US Education Department.
What organisations should do
Microsoft has also shared some guidelines for users to protect their on-premises SharePoint Server environment. The company has asked users to:
- Enable Antimalware Scan Interface (AMSI) integration and deploy Defender AV on all SharePoint servers
- Disconnect servers from the internet if AMSI cannot be enabled
- Use Defender for Endpoint to detect post-exploit activity and monitor for suspicious file creation like spinstall0.aspx
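For servers where a manual check is wanted alongside Defender for Endpoint, the following PowerShell sweep is an added example, not code from Microsoft or from the original article. It reports any file named spinstall0.aspx plus other recently created .aspx files under a directory the operator supplies; the function name, the 30-day default window and the placeholder path are assumptions.

```powershell
# Added example: sweep a web-served directory tree for the payload name the
# article mentions and for other recently created .aspx files.
function Find-SuspectAspx {
    [CmdletBinding()]
    param(
        # Directory to sweep, supplied by the operator (the article gives no path).
        [Parameter(Mandatory)] [string] $Root,
        # Look-back window in days; 30 is an assumed default, not from the article.
        [int] $Days = 30,
        # File name reported in the article.
        [string[]] $KnownNames = @('spinstall0.aspx')
    )

    if (-not (Test-Path -LiteralPath $Root -PathType Container)) {
        throw "Root directory not found: $Root"
    }
    $cutoff = (Get-Date).ToUniversalTime().AddDays(-$Days)

    Get-ChildItem -LiteralPath $Root -Recurse -File -Filter '*.aspx' -ErrorAction SilentlyContinue |
        ForEach-Object {
            # A name match is reported regardless of age; -contains is case-insensitive.
            $reason = $null
            if ($KnownNames -contains $_.Name) {
                $reason = 'known-name'
            } elseif ($_.CreationTimeUtc -ge $cutoff) {
                $reason = 'recently-created'
            }
            if ($reason) {
                [pscustomobject]@{
                    Reason      = $reason
                    Path        = $_.FullName
                    CreatedUtc  = $_.CreationTimeUtc
                    ModifiedUtc = $_.LastWriteTimeUtc
                    # Hash recorded so the file can be compared against vendor indicators.
                    SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
        } |
        Sort-Object Reason, CreatedUtc
}

# Example run against a placeholder path; replace it with the server's web-served directories.
# Find-SuspectAspx -Root 'D:\path\to\sharepoint\webroot' -Days 14 | Format-Table -AutoSize
```

File creation timestamps can be altered after the fact, so an empty "recently-created" result does not clear a server; the name match and the recorded hashes are independent of the time window.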