storm-2603
Storm-2657 Watch: Does Workday mark the start — or just the first stop?
Workday was the first stop, not the destination. We’re at 62% odds it hits another payroll stack by 2026-04-17. Harden all the paydoors, not just the pretty one.
storm-2603
storm-2603
Storm-2603: Hybrid Espionage and Ransomware Operations Exploiting SharePoint ToolShell Vulnerabilities
Storm-2603 is a China-based threat actor, first identified in 2025, leveraging a hybrid operational model that combines espionage tactics with financially motivated ransomware deployment. The group is distinct from, but shares some infrastructure and tooling with, other Chinese APTs such as...
storm-2603
Storm-2603: SharePoint Zero-Day Exploitation and Warlock Ransomware—A Hybrid Financial and Espionage Threat
Storm-2603 is a China-based, financially motivated threat actor first identified in early 2025, responsible for a global campaign exploiting critical Microsoft SharePoint zero-day vulnerabilities (CVE-2025-53770, CVE-2025-49706, CVE-2025-49704).