Religious symbols weaponized: group uses Microsoft SharePoint RCE vulnerability to deliver 4L4MD4r ransomware
Essential information
- Published
- 01/08/2025 11:39
- Modified
- 01/08/2025 11:59
- Tags
- 2025-08-01 4l4md4r CVE-2025-49704 CVE-2025-49706 CVE-2025-53770 CVE-2025-53771 golang microsoft ransomware rce religious symbols sharepoint
- Related entities
- 4 vulnerabilities (cve), 2 observables, 1 intrusion sets (apt), 8 techniques (mitre), 1 malware, 2 others
Description
A critical remote code execution vulnerability in Microsoft SharePoint Server, tracked under CVE-2025-49704, CVE-2025-49706, CVE-2025-53770 and CVE-2025-53771, was exploited in the wild, affecting tens of thousands of servers worldwide. The Mimo intrusion set, a financially motivated threat actor, used it to deliver the 4L4MD4r ransomware, a Golang binary whose function names carry strong religious overtones. The attack chain downloads the payload from an Italian intermediary website and executes it on the exploited server. The ransomware encrypts files, renames them to base64-encoded names and drops ransom notes. Although the Bitcoin wallet given in the note shows 40 transactions, none matches the 0.005 BTC ransom demand, so no victim appears to have paid so far.