Search
00
GBAF Logo
trophy
Top StoriesInterviewsBusinessFinanceBankingTechnologyInvestingTradingVideosAwardsMagazinesHeadlinesTrends

Subscribe to our newsletter

Get the latest news and updates from our team.

Global Banking & Finance Review®

Global Banking & Finance Review® - Subscribe to our newsletter

Company

    GBAF Logo
    • About Us
    • Advertising and Sponsorship
    • Profile & Readership
    • Contact Us
    • Latest News
    • Privacy & Cookies Policies
    • Terms of Use
    • Advertising Terms
    • Issue 81
    • Issue 80
    • Issue 79
    • Issue 78
    • Issue 77
    • Issue 76
    • Issue 75
    • Issue 74
    • Issue 73
    • Issue 72
    • Issue 71
    • Issue 70
    • View All
    • About the Awards
    • Awards Timetable
    • Awards Winners
    • Submit Nominations
    • Testimonials
    • Media Room
    • FAQ
    • Asset Management Awards
    • Brand of the Year Awards
    • Business Awards
    • Cash Management Banking Awards
    • Banking Technology Awards
    • CEO Awards
    • Customer Service Awards
    • CSR Awards
    • Deal of the Year Awards
    • Corporate Governance Awards
    • Corporate Banking Awards
    • Digital Transformation Awards
    • Fintech Awards
    • Education & Training Awards
    • ESG & Sustainability Awards
    • ESG Awards
    • Forex Banking Awards
    • Innovation Awards
    • Insurance & Takaful Awards
    • Investment Banking Awards
    • Investor Relations Awards
    • Leadership Awards
    • Islamic Banking Awards
    • Real Estate Awards
    • Project Finance Awards
    • Process & Product Awards
    • Telecommunication Awards
    • HR & Recruitment Awards
    • Trade Finance Awards
    • The Next 100 Global Awards
    • Wealth Management Awards
    • Travel Awards
    • Years of Excellence Awards
    • Publishing Principles
    • Ownership & Funding
    • Corrections Policy
    • Editorial Code of Ethics
    • Diversity & Inclusion Policy
    • Fact Checking Policy
    Original content: Global Banking and Finance Review - https://www.globalbankingandfinance.com

    A global financial intelligence and recognition platform delivering authoritative insights, data-driven analysis, and institutional benchmarking across Banking, Capital Markets, Investment, Technology, and Financial Infrastructure.

    Copyright © 2010-2026 - All Rights Reserved. | Sitemap | Tags

    Editorial & Advertiser disclosure

    Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

    1. Home
    2. >Headlines
    3. >Microsoft says some SharePoint server hackers now using ransomware
    Headlines

    Microsoft Says Some SharePoint Server Hackers Now Using Ransomware

    Published by Global Banking & Finance Review®

    Posted on July 23, 2025

    2 min read

    Last updated: January 22, 2026

    Add as preferred source on Google
    Microsoft says some SharePoint server hackers now using ransomware - Headlines news and analysis from Global Banking & Finance Review
    Why waste money on news and opinion when you can access them for free?

    Take advantage of our newsletter subscription and stay informed on the go!

    Subscribe

    Tags:cybersecurityfinancial institutionstechnology

    Quick Summary

    Microsoft warns of ransomware linked to SharePoint server hacks, with over 400 victims including U.S. agencies, escalating cyber threats.

    Microsoft Warns of Ransomware Tied to SharePoint Server Hacks

    By Raphael Satter

    WASHINGTON (Reuters) -A cyber-espionage campaign centered on vulnerable versions of Microsoft's server software now involves the deployment of ransomware, Microsoft said in a late Wednesday blog post.

    In the post, citing "expanded analysis and threat intelligence," Microsoft said a group it dubs "Storm-2603" is using the vulnerability to seed the ransomware, which typically works by paralyzing victims' networks until a digital currency payment is made.

    The disclosure marks a potential escalation in the campaign, which has already hit at least 400 victims, according to Netherlands-based cybersecurity firm Eye Security. Unlike typical state-backed hacker campaigns, which are aimed at stealing data, ransomware can cause widespread disruption depending on where it lands.

    The figure of 400 victims represents a sharp rise from the 100 organizations cataloged over the weekend. Eye Security says the figure is likely an undercount.

    "There are many more, because not all attack vectors have left artifacts that we could scan for," said Vaisha Bernard, the chief hacker for Eye Security, which was among the first organizations to flag the breaches.

    The details of most of the victim organizations have not yet been fully disclosed, but on Wednesday a representative for the National Institutes of Health confirmed that one of the organization's servers had been compromised.

    "Additional servers were isolated as a precaution," he said. The news of the compromise was first reported by the Washington Post. 

    Other outlets said the hacking campaign had breached an even broader range of U.S. agencies. NextGov, citing multiple people familiar with the matter, reported the Department of Homeland Security had been hit, along with more than five to 12 other agencies.

    Politico, which cited two U.S. officials, said multiple agencies were believed to have been breached.

    DHS' cyberdefense arm, CISA, did not immediately return a message seeking comment on the reports. Microsoft did not immediately return a message seeking further details on the ransomware angle of the hacking or the reported government victims.

    The spy campaign began after Microsoft failed to fully patch a security hole in its SharePoint server software, kicking off a scramble to fix the vulnerability when it was discovered.

    Microsoft and its tech rival, Google-owner Alphabet, have both said Chinese hackers are among those taking advantage of the flaw. Beijing has denied the claim.

    (Reporting by Raphael Satter; Editing by Mark Porter and Christopher Cushing)

    Key Takeaways

    • •Microsoft identifies ransomware linked to SharePoint server vulnerabilities.
    • •Storm-2603 group exploits the flaw to deploy ransomware.
    • •Over 400 victims reported, including government agencies.
    • •Eye Security highlights potential undercount of affected organizations.
    • •Chinese hackers among those exploiting the vulnerability.

    Frequently Asked Questions about Microsoft says some SharePoint server hackers now using ransomware

    1What is the nature of the cyber-espionage campaign?

    The campaign centers on vulnerable versions of Microsoft's server software and now involves the deployment of ransomware by a group called 'Storm-2603'.

    2How many victims have been reported in the hacking campaign?

    At least 400 victims have been reported, a significant increase from the 100 organizations cataloged earlier.

    3What has been the response from the National Institutes of Health?

    A representative confirmed that one of their servers was compromised and additional servers were isolated as a precaution.

    4Which U.S. agency has been mentioned in connection with the breaches?

    The Department of Homeland Security has been reported to have been breached, along with multiple other agencies.

    5What did Microsoft say about the hackers exploiting the vulnerability?

    Microsoft and Alphabet have indicated that Chinese hackers are among those taking advantage of the security flaw in their SharePoint server software.

    More from Headlines

    Explore more articles in the Headlines category

    Image for North Korea's Kim Jong Un welcomed Belarus President Lukashenko to Pyongyang, KCNA says
    North Korea's Kim Jong Un Welcomed Belarus President Lukashenko to Pyongyang, Kcna Says
    Image for Ukrainian drones kill two in Russian border region of Belgorod, governor says
    Ukrainian Drones Kill Two in Russian Border Region of Belgorod, Governor Says
    Image for Iran wants Lebanon included in any ceasefire, sources say
    Iran Wants Lebanon Included in Any Ceasefire, Sources Say
    Image for Vance due to visit Hungary on April 7-8 ahead of key election, say sources
    Vance Due to Visit Hungary on April 7-8 Ahead of Key Election, Say Sources
    Image for Belgian police break up migrant smuggling network, four people arrested
    Belgian Police Break up Migrant Smuggling Network, Four People Arrested
    Image for Russia sought to blackmail US using intelligence to Iran, Zelenskiy says
    Russia Sought to Blackmail US Using Intelligence to Iran, Zelenskiy Says
    Image for Italy's tourism minister resigns, ending standoff with PM Meloni
    Italy's Tourism Minister Resigns, Ending Standoff With PM Meloni
    Image for In Lebanon, paramedics mourn their own killed in Israeli strike
    In Lebanon, Paramedics Mourn Their Own Killed in Israeli Strike
    Image for Italy tourism minister resigns, obeying PM Meloni
    Italy Tourism Minister Resigns, Obeying PM Meloni
    Image for Swiss prosecutors not involved with Paris probe at bank Edmond de Rothschild
    Swiss Prosecutors Not Involved With Paris Probe at Bank Edmond De Rothschild
    Image for Lost remains of French musketeer d'Artagnan may have been found in Dutch church
    Lost Remains of French Musketeer d'Artagnan May Have Been Found in Dutch Church
    Image for Doctors in England plan six-day strike after government pay offer rejected
    Doctors in England Plan Six-Day Strike After Government Pay Offer Rejected
    View All Headlines Posts
    Previous Headlines PostTakeaways of US-Japan Deal Include Potential Gains for Trump, Ishiba and EU
    Next Headlines PostExclusive-Chinese Engines, Shipped as 'cooling Units', Power Russian Drones Used in Ukraine