Ransomware Tied to Microsoft Vulnerability Hits Over 400 Targets

WASHINGTON, July 23 (Reuters) – A serious cyber-espionage campaign involving vulnerable versions of Microsoft’s server software has escalated into a ransomware attack, Microsoft reported on Thursday. The company identified a group called ‘Storm-2603’ as the perpetrator, saying it is using the flaw to introduce ransomware that cripples networks until a digital currency payment is made.

According to the cybersecurity firm Eye Security, at least 400 victims have been affected by this campaign, a significant rise from about 100 victims reported over the weekend. Eye Security’s chief hacker, Vaisha Bernard, warned that the actual number may be higher, as many attacks may not leave detectable traces.

“There are many more, because not all attack vectors have left artifacts that we could scan for,” Bernard stated, emphasizing the widespread impact of the threat.

The identities of most victim organizations remain undisclosed, but a representative from the National Institutes of Health confirmed that one of its servers had been compromised. “Additional servers were isolated as a precaution,” the representative said. This breach was first reported by the Washington Post.

Other media outlets have indicated that the hacking spree may have affected a broader range of U.S. government agencies. NextGov reported that the Department of Homeland Security and potentially more than a dozen other agencies could be victims.

Politico cited U.S. officials claiming multiple agencies were breached, although details remain scarce. The Cybersecurity and Infrastructure Security Agency (CISA), part of the DHS, has not yet responded to requests for comment on these reports.

The advanced cyber-espionage effort allegedly began after Microsoft failed to fully address a security vulnerability in its SharePoint server software. Both Microsoft and Google’s parent company, Alphabet, have attributed the attacks to Chinese hackers, a claim that has been denied by Beijing.