Not Simon the Goat on Nostr: Rapid7: Investigating a SharePoint Compromise: IR Tales from the Field Rapid7 ...
Rapid7: Investigating a SharePoint Compromise: IR Tales from the Field
Rapid7 provides a case study of a compromised Microsoft Exchange service account with domain administrator privileges. They assessed that the initial infection vector was CVE-2024-38094 (7.2 high) Microsoft SharePoint Remote Code Execution Vulnerability. Seeing how this CVE was added to the CISA's KEV Catalog only 8 days ago, it is very likely that Rapid7 fed CISA the KEV information via backchannels. They describe the attacker's tactics, techniques, and procedures (TTPs). Indicators of compromise are provided.
#CVE_2024_38094 #threatintel #infosec #cybersecurity #cyberthreatintelligence #CTI #IOC