Microsoft SharePoint vulnerability and China Chopper web shell used in ransomware attacks | SC Media


Researchers on Tuesday found that the Hello ransomware group (aka WickrMe) has been using a Microsoft SharePoint vulnerability and a China Chopper web shell to launch ransomware attacks.


In a blog post published by Trend Micro, the researchers reported that the attackers abuse a Cobalt Strike beacon to launch the ransomware payload. The researchers believe the China Chopper web shell was used in a likely attempt to circumvent detection with known samples.


Microsoft released the advisory on the SharePoint vulnerability (CVE-2019-0604) and patched the gap back in 2019. Since its first abuse and a prominent attack in 2020, abuse of the vulnerability has continued to make the news.

