
A recent investigation by Microsoft has revealed that organizations running unpatched SharePoint servers are facing a growing risk from multiple security vulnerabilities that are actively being exploited by cybercriminals. According to the company’s findings, threat actors are leveraging these weaknesses to infiltrate enterprise environments while remaining largely undetected, highlighting the increasing sophistication of modern cyberattacks.
The discovery emerged from an extensive investigation conducted by Microsoft’s Detection and Response Team (DART), which was monitoring the activities of a threat group identified as Storm-2603. The group was initially linked to a series of ransomware attacks targeting organizations that relied on Microsoft SharePoint servers for document management and collaboration.
At the outset of the investigation, security researchers believed Storm-2603 was operating independently and was solely responsible for exploiting SharePoint vulnerabilities to gain unauthorized access to corporate networks. However, as the inquiry progressed, Microsoft uncovered evidence suggesting that multiple threat actors are taking advantage of the same weaknesses, making the threat landscape significantly more complex than previously thought.
Researchers observed that attackers are exploiting unpatched systems to establish a foothold within targeted environments before moving laterally across networks. In many cases, these intrusions remain unnoticed for extended periods, allowing cybercriminals to collect sensitive information, deploy malicious tools, and eventually launch ransomware attacks that can cripple business operations.
One of the key concerns highlighted by Microsoft is the growing role of artificial intelligence in cybercrime. AI-powered tools are enabling attackers to automate reconnaissance, identify vulnerabilities more efficiently, and customize attack strategies to evade traditional security controls. This technological advantage allows threat actors to conduct attacks at greater speed and scale than ever before.
Security experts warn that organizations relying on on-premises SharePoint deployments should prioritize the installation of the latest security updates and patches. Delaying patch management creates opportunities for attackers to exploit known vulnerabilities, especially when exploit details become publicly available.
Microsoft has also advised enterprises to adopt a layered security approach that includes continuous monitoring, endpoint detection and response solutions, multifactor authentication, and regular security assessments. Such measures can help identify suspicious activity early and reduce the likelihood of a successful compromise.
The findings serve as another reminder that cyber threats continue to evolve rapidly. As attackers increasingly combine AI capabilities with advanced exploitation techniques, organizations must remain vigilant and proactive in securing their digital infrastructure. Regular patching, threat monitoring, and employee awareness remain critical defenses against the growing wave of sophisticated cyberattacks targeting enterprise systems worldwide.