Religious symbols weaponized, group uses Microsoft SharePoint RCE vulnerability to deliver 4L4MD4r ransomware

SUMMARY :

A serious remote code execution vulnerability in Microsoft SharePoint servers was exploited by hackers, affecting tens of thousands of servers globally. The mimo attack group, a financially motivated threat actor, utilized this vulnerability to deliver the 4L4MD4r ransomware, written in Golang and featuring function names with strong religious overtones. The attack chain involved downloading the payload from an Italian intermediary website and executing it. The ransomware encrypts files, renames them to base64 format, and leaves ransom notes. Despite 40 transactions recorded in the provided Bitcoin wallet, no ransoms of 0.005 BTC have been paid yet, indicating no victims have complied with the demands so far.

OPENCTI LABELS :

ransomware,rce,golang,microsoft,sharepoint,cve-2025-53771,cve-2025-53770,cve-2025-49704,cve-2025-49706,4l4md4r,religious symbols


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Religious symbols weaponized, group uses Microsoft SharePoint RCE vulnerability to deliver 4L4MD4r ransomware