Religious symbols weaponized, group uses Microsoft SharePoint RCE vulnerability to deliver 4L4MD4r ransomware
A critical remote code execution vulnerability in Microsoft SharePoint Server has been exploited in the wild, affecting tens of thousands of servers globally. The Mimo group, a financially motivated threat actor, used it to deliver 4L4MD4r, a ransomware written in Go whose function names carry strong religious overtones. The observed attack chain downloaded the payload from an intermediary website hosted in Italy and executed it on the compromised server. The ransomware encrypts files, replaces their names with base64-encoded strings, and drops ransom notes demanding 0.005 BTC. The Bitcoin wallet given in the note shows 40 transactions, but none matches the 0.005 BTC demand, which suggests no victim has paid so far.
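The renaming behaviour described above (original filenames replaced by base64 strings) is something a responder can check for on a file share or web root without a sample of the binary. The following Python is an added example written for this page, not code from the pulse or from the malware; the ransom-note filename pattern, the 50% threshold and the directory listings are constructed assumptions, since the pulse does not give the note's name or the encrypted-file extension.

```python
import base64
import re

# Strict base64 alphabet with optional trailing padding. A well-formed base64
# string has a length that is a multiple of 4.
_B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

# ASSUMPTION: the pulse does not name the ransom note; this pattern catches the
# common "how to recover/decrypt/restore" style of note filename.
DEFAULT_NOTE_RE = re.compile(r"(RECOVER|DECRYPT|RESTORE).*\.(txt|html?)$", re.IGNORECASE)


def looks_base64(name: str) -> bool:
    """True if `name` is a well-formed base64 string at least 8 characters long.

    Note the heuristic nature: a plain alphanumeric name such as "Makefile"
    (8 characters, valid alphabet) also decodes cleanly, so single hits mean
    little; the ratio across a whole directory is what matters.
    """
    if len(name) < 8 or len(name) % 4 != 0 or not _B64_RE.match(name):
        return False
    try:
        base64.b64decode(name, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return True


def scan_listing(filenames, note_re=DEFAULT_NOTE_RE, threshold=0.5):
    """Score one directory listing.

    Returns counts of base64-looking names and ransom-note-looking names, the
    ratio of base64 names among non-note files, and a `suspicious` flag set when
    that ratio reaches `threshold` AND at least one note-like file is present.
    """
    notes = [n for n in filenames if note_re.search(n)]
    candidates = [n for n in filenames if n not in notes]
    b64_names = [n for n in candidates if looks_base64(n)]
    ratio = len(b64_names) / len(candidates) if candidates else 0.0
    return {
        "base64_names": len(b64_names),
        "ransom_notes": len(notes),
        "ratio": round(ratio, 2),
        "suspicious": ratio >= threshold and bool(notes),
    }


# Constructed sample listings (not from any real incident).
CLEAN_LISTING = ["budget.xlsx", "notes.txt", "photo.jpg", "Makefile", "README.md"]
# Simulate the post-encryption state: each original name replaced by its base64
# form, plus a hypothetical ransom note dropped alongside.
ENCRYPTED_LISTING = [
    base64.b64encode(n.encode()).decode() for n in CLEAN_LISTING
] + ["HOW_TO_RECOVER.txt"]


if __name__ == "__main__":
    for label, listing in (("clean", CLEAN_LISTING), ("encrypted", ENCRYPTED_LISTING)):
        print(label, scan_listing(listing))
```

Run against a real share by feeding `os.listdir(path)` for each directory of interest; the `Makefile` false positive in the clean listing shows why the check is a ratio with a note-file requirement rather than a per-file alert.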
Pulse ID: 688ca78ff00082bce0dc1d5e
Pulse Link: https://otx.alienvault.com/pulse/688ca78ff00082bce0dc1d5e
Pulse Author: AlienVault
Created: 2025-08-01 11:39:59
Be advised, this data is unverified and should be considered preliminary. Always do further verification.