New Helix vishing group emerges in SharePoint data theft attacks
Summary
A new data-extortion group known as Helix has emerged, employing identity-focused tactics to compromise SharePoint environments. These tactics include vishing, device code phishing, and multi-factor authentication abuse to steal data.
IFF Assessment
FOE
The emergence of a new threat actor leveraging sophisticated identity-based attacks signifies an increasing threat to organizations' data security.
Defender Context
Defenders should be aware of the emerging Helix group and their methods, particularly the abuse of MFA and vishing. Implementing robust identity and access management, comprehensive training on social engineering tactics, and strict validation of MFA requests are crucial to mitigate these threats.