gbhackers.com • 1w
Parallel Intrusion: Storm-2603 and Unattributed Actors Target Microsoft SharePoint
Parallel intrusions were identified in on-premises Microsoft SharePoint environments, both enabled by exploitation of CVE-2025-49704, CVE-2025-49706, and CVE-2025-53770. Two distinct threat actors operated concurrently: Storm-2603, a ransomware group using bring-your-own-vulnerable-driver (BYOVD) techniques and legitimate remote tools, and an unattributed actor focused on Active Directory (AD) credential theft via DLL sideloading and custom backdoors. This overlapping activity created significant "signal noise," complicating forensic detection and containment. The intrusions highlight a critical failure in patching internet-facing legacy infrastructure, enabling both immediate financial extortion and long-term espionage within the same network perimeter.