Header image

Warnings of SharePoint Flaw After Exploit

Cocktail of tools used in attack and persistence.

A high-severity remote code execution vulnerability in Microsoft SharePoint was exploited to compromise an entire corporate network domain without being detected for two weeks.

According to Bleeping Computer, the flaw - tracked as CVE-2024-38094 and rated at 7.2 severity - was leveraged to breach a Microsoft Exchange service account with elevated privileges, according to Rapid7.

The attacker deployed the Huorong Antivirus and installed Impacket, resulting in the deactivation of legitimate antivirus systems and lateral movement.

The researchers also utilised Mimikatz and FRP for credential compromise and remote access, and deployed other network scanning tools, performed ADFS certificate generation, brute-forced Active Directory tickets, and ensured persistence through scheduled tasks while deactivating Windows Defender and impacted systems' logs to conceal malicious activity.

However researchers did not observe any data encryption to be conducted as part of the attack.

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Upcoming Events

No events found.