
Chinese Hackers Exploit SharePoint Flaws to Deploy Backdoors, Ransomware, and Loaders

Threat Score: 81
GB Hackers
4 hours ago
Part of cluster #1713

Overview

Unit 42 researchers have identified significant overlaps between Microsoft’s reported ToolShell exploit chain targeting SharePoint vulnerabilities and a tracked activity cluster dubbed CL-CRI-1040. This cluster, active since at least March 2025, deploys a custom malware suite named Project AK47, comprising multi-protocol backdoors, ransomware, and DLL side-loading loaders. Microsoft’s analysis attributes the act...


Article Intelligence

Key entities and indicators for this article

CVES
CVE-2025-49704
CVE-2025-49706
CVE-2025-53770
CVE-2025-53771
ATTACK TYPES
Exploit
Exploitation of Public-Facing Applications
Ransomware
INDUSTRIES
Cybersecurity
Education
Information Technology
COUNTRIES
China
VULNERABILITIES
DDoS
Data Encryption for Impact
DoS
RCE
Remote Code Execution
COMPANIES
AMD
Adobe
Amazon
Apple
Broadcom
AGENCIES
CISA
SECURITY VENDORS
Cloudflare
Palo Alto Networks
Trend Micro
PLATFORMS
AWS
Android
Apache
Azure
IIS
RANSOMWARE
4L4MD4R
AnDROid
JCrypt
LockBit
One
MALWARE
4L4MD4R
BumbleBee
Dark
Nexus
Project AK47
APT GROUPS
Linen Typhoon
Storm-2603
Violet Typhoon
MITRE ATT&CK
T1059
T1059.001
T1071
T1071.001
T1105
DOMAINS
innovationfactory.it
IP ADDRESSES
145.239.97.206
ARTICLE INFORMATION
Article #9147
Published 4 hours ago
GB Hackers
