{"id":218686,"date":"2025-07-25T04:14:54","date_gmt":"2025-07-25T09:14:54","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/07\/microsoft-sharepoint-flaws-exploited-in-warlock-ransomware-attacks"},"modified":"2025-07-25T04:14:54","modified_gmt":"2025-07-25T09:14:54","slug":"microsoft-sharepoint-flaws-exploited-in-warlock-ransomware-attacks","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/07\/microsoft-sharepoint-flaws-exploited-in-warlock-ransomware-attacks","title":{"rendered":"Microsoft: SharePoint flaws exploited in Warlock ransomware attacks"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/logo.microsoft-sharepoint-flaws-exploited-in-warlock-ransomware-attacks.jpg\"><\/a><\/p>\n<p>A China-based hacking group is deploying Warlock ransomware on Microsoft SharePoint servers vulnerable to widespread attacks targeting the <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-releases-emergency-patches-for-sharepoint-rce-flaws-exploited-in-attacks\/\" target=\"_blank\" rel=\"nofollow noopener\">recently patched<\/a> ToolShell <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available\/\" target=\"_blank\" rel=\"nofollow noopener\">zero-day exploit chain<\/a>.<\/p>\n<p>Non-profit security organization Shadowserver is currently <a href=\"https:\/\/bsky.app\/profile\/shadowserver.bsky.social\/post\/3luoxu2ajms2u\" target=\"_blank\" rel=\"nofollow noopener\">tracking over 420 SharePoint servers<\/a> that are exposed online and remain vulnerable to these ongoing attacks.<\/p>\n<p>\u201cAlthough Microsoft has observed this threat actor deploying Warlock and Lockbit ransomware in the past, Microsoft is currently unable to confidently assess the threat actor\u2019s objectives,\u201d the company <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/07\/22\/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities\/#storm-2603\" target=\"_blank\" rel=\"nofollow noopener\">said<\/a> in a Wednesday report.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A China-based hacking group is deploying Warlock ransomware on Microsoft SharePoint servers vulnerable to widespread attacks targeting the recently patched ToolShell zero-day exploit chain. Non-profit security organization Shadowserver is currently tracking over 420 SharePoint servers that are exposed online and remain vulnerable to these ongoing attacks. \u201cAlthough Microsoft has observed this threat actor deploying Warlock [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-218686","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/218686","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=218686"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/218686\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=218686"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=218686"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=218686"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}