EN
  • Cyber stability
  • Secops
  • Risks management
  • Digital transformation
  • Digital Sovereignty
  • Cybercrime
  • Industry and OT
  • Fraud
  • Digital identity
  • Cyber +
    • Microsoft SharePoint ToolShell Flaws Exploited to Spread Warlock Ransomware
    • Home
    • Cyber +
    • Microsoft SharePoint ToolShell Flaws Exploited to Spread Warlock Ransomware

    Microsoft SharePoint ToolShell Flaws Exploited to Spread Warlock Ransomware

    Written by
    The Editorial Team
    07.29.25
    Cyber +
    01
    MIN
    Microsoft SharePoint ToolShell Flaws Exploited to Spread Warlock Ransomware
    Microsoft SharePoint ToolShell Flaws Exploited to Spread Warlock Ransomware
    Microsoft SharePoint ToolShell Flaws Exploited to Spread Warlock Ransomware
    Image India: Shiva’s Eye in the Empire of “Spyware-as-a-Service”
    Cyber +
    05.20.26 Cyber +
    Next article
    India: Shiva’s Eye in the Empire of “Spyware-as-a-Service”
    Read
    10
    MIN
    Image [Roads of surveillance]. 6– Policies, Laws and Responses: Who Regulates Surveillance?
    Cyber +
    04.23.26 Cyber +
    Next article
    Roads of surveillance. 6– Policies, Laws and Responses: Who Regulates Surveillance?
    Read
    07
    MIN
    Image Palantir Technologies asserts the cultural superiority of the West and considers ethics obsolete in defense matters
    Cyber +
    04.22.26 Cyber +
    Next article
    Palantir Technologies asserts the cultural superiority of the West and considers ethics obsolete in defense matters
    Read
    01
    MIN
    Image AI Secure: Are we really powerless in the face of the threat?
    Cyber +
    04.22.26 Cyber +
    Next article
    AI Secure: Are we really powerless in the face of the threat?
    Read
    04
    MIN
    Chinese cyberespionage groups have used the same vulnerabilities to breach over 400 critical and government organizations globally

    On July 24, 2025, Microsoft disclosed that the Chinese cybercriminal group Storm-2603 exploited recently discovered ToolShell vulnerabilities in on-premise versions of Microsoft SharePoint to deploy the Warlock ransomware. First detected in June 2025, Warlock operates under a Ransomware-as-a-Service (RaaS) model and is already linked to 11 confirmed victims.

    The ToolShell vulnerabilities, made public on July 18, 2025, have also been weaponized by two Chinese state-linked cyberespionage groups—Linen Typhoon and Violet Typhoon—over the past several weeks. These groups are believed to have infiltrated more than 400 critical and government organizations worldwide. The United States was the most targeted country, accounting for 13% of the breaches.

    U.S. authorities have confirmed that the National Institutes of Health were among the affected entities. They also acknowledged the compromise of “a very limited number of systems” at the National Nuclear Security Administration (NNSA), the agency responsible for overseeing the U.S. nuclear arsenal.

    Storm-2603’s Warlock attacks began on July 18, 2025. While they leverage the same SharePoint vulnerabilities, Microsoft indicated that these ransomware campaigns are not directly connected to the espionage operations conducted by Linen Typhoon and Violet Typhoon.

    The Editorial Team
    07.29.25
    Articles by the same author:
    1
    05.27.26 Cyber stability
    The ECB summons European banks to discuss AI-related risks
    Read
    01
    MIN
    2
    05.25.26 Cybercrime
    France and the Netherlands lead the dismantling of First VPN, a service popular among cybercriminals
    Read
    01
    MIN
    3
    05.25.26 Cybercrime
    Arrest of Canadian man suspected of running the KimWolf botnet
    Read
    01
    MIN
    4
    05.25.26 Digital transformation
    Canada: government ready to amend its law on law enforcement access to data
    Read
    01
    MIN
    Image India: Shiva’s Eye in the Empire of “Spyware-as-a-Service”
    Cyber +
    05.20.26 Cyber +
    Next article
    India: Shiva’s Eye in the Empire of “Spyware-as-a-Service”
    Read
    10
    MIN
    Image [Roads of surveillance]. 6– Policies, Laws and Responses: Who Regulates Surveillance?
    Cyber +
    04.23.26 Cyber +
    Next article
    Roads of surveillance. 6– Policies, Laws and Responses: Who Regulates Surveillance?
    Read
    07
    MIN
    Image Palantir Technologies asserts the cultural superiority of the West and considers ethics obsolete in defense matters
    Cyber +
    04.22.26 Cyber +
    Next article
    Palantir Technologies asserts the cultural superiority of the West and considers ethics obsolete in defense matters
    Read
    01
    MIN
    Image AI Secure: Are we really powerless in the face of the threat?
    Cyber +
    04.22.26 Cyber +
    Next article
    AI Secure: Are we really powerless in the face of the threat?
    Read
    04
    MIN
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.