Intel Name: Project AK47: Uncovering a Link to the SharePoint Vulnerability Attacks
Date of Scan: August 6, 2025
Impact: High
Summary: “Project AK47: Uncovering a Link to the SharePoint Vulnerability Attacks” details the connection between a threat activity cluster tracked as CL-CRI-1040 and recent exploitation of SharePoint vulnerabilities. The cluster deploys a toolset named Project AK47, which includes a backdoor, ransomware, and loaders. Its activity overlaps with Microsoft’s reporting on ToolShell exploitation, which Microsoft attributes to Storm-2603, a suspected China-based threat actor. Analysis of host- and network-based artifacts supports a high-confidence assessment linking Storm-2603 to CL-CRI-1040.