Sunday, 15 March, 2026
SharePoint Hackers Shift from Espionage to Ransomware, Impacting 400+ Organizations
By Isha
Microsoft warns that the threat group Storm-2603, linked to China, is now weaponizing a SharePoint zero-day to deploy Warlock ransomware, crippling on-premises servers and demanding crypto ransoms. Over 400 victims—including the U.S. National Institutes of Health—have been hit. The shift from data theft to financially motivated attacks underscores urgent need to patch SharePoint, rotate cryptographic keys, enhance monitoring, and isolate vulnerable servers immediately.
Read full story at Economic Times