Security researchers discovered two unrelated cyber-threat campaigns targeting Microsoft SharePoint: one using phishing and the other exploiting a remote code execution (RCE) vulnerability. The first campaign likely focused on mass targeting for maximum impact, sending phishing email recipients to a malicious webpage that prompted them to enter credentials into a purported SharePoint document. The second campaign, orchestrated by a ransomware group, occurred despite Microsoft’s release of a patch for the RCE flaw in March 2019. Last year the flaw was also exploited, by Iranian nation-state threat actors taking advantage of unpatched servers, according to Microsoft. As long as older vulnerabilities remain unaddressed and users remain susceptible to phishing, these types of campaigns will probably continue to crop up into the long-term future (beyond one year).
Digital Shadows
Threat Intelligence and Digital Risk Protection Resources
