Storm-2603: Targeting SharePoint Vulnerabilities and Critical Infrastructure Worldwide

• The threat group Storm-2603 is actively exploiting Microsoft SharePoint vulnerabilities to gain unauthorized access to critical infrastructure worldwide.
• Their attacks use a specialized toolkit and have a dual motive: espionage and financial gain through deploying ransomware.
• This highlights the urgent need for organizations to apply all security patches to their SharePoint environments to protect against these severe vulnerabilities and the associated ransomware threat.

This blog is the latest in a series that delves into the deep research conducted daily by the Trustwave SpiderLabs Threat Operations team on major threat actor groups currently operating globally.