Researchers on Tuesday found that the Hello ransomware group (aka WickrMe) has been using a Microsoft SharePoint vulnerability and a China Chopper web shell to launch ransomware attacks.
In a blog post published by Trend Micro, the researchers reported that the attackers abuse a Cobalt Strike beacon to launch the ransomware payload. The researchers believe the China Chopper web shell was used in a likely attempt to circumvent detection with known samples.
Microsoft released the advisory on the SharePoint vulnerability (CVE-2019-0604) and patched the gap back in 2019. Since its first abuse and a prominent attack in 2020, notable abuse of the vulnerability has continued to make the news.