【Key Points】
◎A targeted attack group based in (or backed by) China
【Dictionary】
◆Storm-2603 (Malpedia)
https://malpedia.caad.fkie.fraunhofer.de/actor/storm-2603
【News】
■2025
◇July 2025
◆Microsoft links Sharepoint ToolShell attacks to Chinese hackers (BleepingComputer, 2025/07/22 07:26)
https://www.bleepingcomputer.com/news/security/microsoft-sharepoint-toolshell-attacks-linked-to-chinese-hackers/
⇒ https://malware-log.hatenablog.com/entry/2025/07/22/000000
◆US nuclear weapons agency hacked in Microsoft SharePoint attacks (BleepingComputer, 2025/07/23 11:14)
https://www.bleepingcomputer.com/news/security/us-nuclear-weapons-agency-hacked-in-microsoft-sharepoint-attacks/
⇒ https://malware-log.hatenablog.com/entry/2025/07/23/000000
◆Storm-2603 Exploits SharePoint Flaws to Deploy Warlock Ransomware on Unpatched Systems (The Hacker News, 2025/07/24)
https://thehackernews.com/2025/07/storm-2603-exploits-sharepoint-flaws-to.html
⇒ https://malware-log.hatenablog.com/entry/2025/07/24/000000
◆Multiple Chinese groups launch "ToolShell" attacks - concern over the attacks spreading (Security NEXT, 2025/07/24)
https://www.security-next.com/172675
⇒ https://malware-log.hatenablog.com/entry/2025/07/24/000000_2
【Blogs】
◆Before ToolShell: Exploring Storm-2603’s Previous Ransomware Operations (cp(Check Point), 2025/07/31)
https://research.checkpoint.com/2025/before-toolshell-exploring-storm-2603s-previous-ransomware-operations/
⇒ https://malware-log.hatenablog.com/entry/2025/07/31/000000_5
【Search】
google: Storm-2603
google:news: Storm-2603
google: site:virustotal.com Storm-2603
google: site:github.com Storm-2603
■Bing
https://www.bing.com/search?q=Storm-2603
https://www.bing.com/news/search?q=Storm-2603
https://twitter.com/search?q=%23Storm-2603
https://twitter.com/hashtag/Storm-2603
■VirusTotal
https://www.virustotal.com/gui/search/Storm-2603
【Related Summary Articles】
◆Targeted Attack Groups / APT (Summary)
https://malware-log.hatenablog.com/entry/APT