Before ToolShell: Exploring Storm-2603’s Previous Ransomware Operations
Check Point Research (CPR) has been closely monitoring the ongoing exploitation of a group of Microsoft SharePoint Server vulnerabilities collectively referred to as “ToolShell.” These active attacks leverage four vulnerabilities—CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771—and are attributed to multiple China-affiliated threat actors. Among the threat groups identified by Microsoft, two are known
The post Before ToolShell: Exploring Storm-2603’s Previous Ransomware Operations appeared first on Check Point Research.