
Unpatched SharePoint servers opened the door to multiple attackers, Microsoft finds
What began as a routine ransomware investigation uncovered two unrelated attackers operating inside the same victim network at the same time, each obscuring the other’s activity and complicating the response.
The discovery emerged during a Microsoft Detection and Response Team (DART) engagement involving Storm-2603, a threat actor associated with ransomware deployment. Investigators initially believed they were tracking a single intrusion before identifying a separate attack chain involving a different set of tools, infrastructure, and objectives.
“This case highlights a growing reality: modern attacks are not always isolated events. Sometimes they are overlapping campaigns,” Microsoft said ...