Storm-2603 Using Custom Malware That Leverages BYOVD to Tamper with Endpoint Protections
3 Articles
Storm-2603 Using Custom Malware That Leverages BYOVD to Tamper with Endpoint Protections
A newly identified threat actor designated Storm-2603 has emerged as a sophisticated adversary in the ransomware landscape, leveraging advanced custom malware to circumvent endpoint security protections through innovative techniques. The group first gained attention during Microsoft’s investigation into the “ToolShell”…
Storm-2603 Deploys Custom Malware Using BYOVD To Bypass Endpoint Protections - Cybernoz - Cybersecurity News
Check Point Research (CPR) has delved into the operations of Storm-2603, a recently identified threat actor linked to Chinese advanced persistent threat (APT) groups, amid widespread exploitation of Microsoft SharePoint Server vulnerabilities known as “ToolShell.” This campaign exploits four critical CVEs (CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771) to facilitate intrusions, with Storm-2603 deploying a custom command-and-co…
Storm-2603 Deploys Custom Malware Using BYOVD to Bypass Endpoint Protections
Check Point Research (CPR) has delved into the operations of Storm-2603, a recently identified threat actor linked to Chinese advanced persistent threat (APT) groups, amid widespread exploitation of Microsoft SharePoint Server vulnerabilities known as “ToolShell.” This campaign exploits four critical CVEs (CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771) to facilitate intrusions, with Storm-2603 deploying a custom command-and-co…