
Microsoft says China-linked SharePoint attackers seen hitting victims with Warlock ransomware

Microsoft says the Chinese nation-state threat actors behind last Friday’s zero-day attack on SharePoint servers have now been observed deploying Warlock ransomware to exploit victims.


Image by PhotoGranary02 | Shutterstock

Stefanie Schappert, Senior Journalist
Jul 24, 2025 | Updated: 25 July 2025

10,000 servers could still be exposed


Storm-2603 long term objective a mystery

Storm-2603 attack chain exploiting SharePoint vulnerabilities and leading to ransomware. Image by Microsoft Threat Intelligence.