SharePoint - SparTech Software

The new China-based Storm-2603 group is deploying Warlock ransomware on Microsoft SharePoint servers.

A sophisticated cyber threat actor known as Storm-2603 has been identified exploiting critical vulnerabilities in Microsoft SharePoint to deploy Warlock ransomware on unpatched enterprise systems. According to Microsoft’s recent security advisory, this group, believed to be China-based, is leveraging unpatched flaws in on-premises SharePoint servers to gain unauthorized access, establish persistence, and spread ransomware across targeted networks.

Spartech Software July 24, 2025

Cybersecurity News

The agency responsible for overseeing America’s nuclear weapons stockpile was a victim of the China’s recent SharePoint Frenzy attack.

The U.S. National Nuclear Security Administration (NNSA), the agency responsible for overseeing America’s nuclear weapons stockpile, was among several government institutions recently targeted in a widespread cyberattack that exploited critical vulnerabilities in Microsoft’s on-premises SharePoint software.

Spartech Software July 23, 2025

Cybersecurity News

Microsoft SharePoint ToolShell attacks linked to Chinese-state hackers.

A major wave of cyberattacks, referred to as “ToolShell,” has recently targeted Microsoft SharePoint servers around the world. These attacks have been attributed to Chinese state-linked hackers and have affected government agencies, critical infrastructure, universities, and multinational corporations. The campaign exploited a chain of zero-day vulnerabilities in on-premises versions of Microsoft SharePoint, allowing for unauthenticated remote code execution and full system compromise.

Spartech Software July 22, 2025

Cybersecurity News

Microsoft SharePoint zero-day exploited in remote code execution attacks around the world.

Categorized as a remote code execution (RCE) flaw, this vulnerability is currently being exploited on a large scale, allowing attackers to take complete control of exposed on-premises SharePoint servers. As government agencies, educational institutions, energy sector, and major enterprises scramble to secure their infrastructure, understanding the mechanics, impact, and mitigations for this attack has become paramount.

Spartech Software July 21, 2025

Cybersecurity News

Microsoft investigating SharePoint authentication issues.

Microsoft is actively investigating ongoing access issues affecting SharePoint Online, part of the Microsoft 365 suite. Users have reported intermittent errors, including “Something went wrong” messages and HTTP 503 failures when attempting to access SharePoint sites.

Spartech Software July 4, 2025

United States	~59% of ransomware attacks globally Thousands per year
Poland	1,000+ per week
Russia	Highest cybercrime threat level
China	Thousands per year
India	115% surge in attacks Q2 2024
Ukraine	Significant surge since 2022
Brazil	Among top countries for blocked attacks
Mexico	65% of businesses hit in 2024
Germany	High targeted rate (EU)
France	High targeted rate (EU)

AS Name	ASN
Bharat Sanchar Nigam Ltd	9829
No.31,Jin-rong Street	4134
CHINA UNICOM China169 Backbone	4837
DigitalOcean, LLC	14061
HUAWEI INTERNATIONAL PTE. LTD.	136907
Amazon.com, Inc.	14618
Alibaba (US) Technology Co., Ltd.	45102
Google LLC	396982
Amazon.com, Inc.	16509
3xK Tech GmbH	200373

IP Address	Notable Exploits/Context
104.238.159.149	SharePoint zero-day, broad exploitation
107.191.58.76	SharePoint zero-day, government targets
96.9.125.147	SharePoint, previously Ivanti exploits
139.162.47.194	Exploits on CitrixBleed 2
38.180.148.215	CitrixBleed 2 campaigns
185.224.128.17	High activity, Netherlands
89.248.163.200	High activity, Netherlands
15.235.218.150	Associated with APT, active C2
45.9.148.114	Associated with C2, malicious netflow
91.107.150.184	C2 infrastructure, recent IoC