ShellCodeX
Tools • Events • News • Insights
ShellCodeX Intelligence Brief
HIGH Cybersecurity

Helix vishing and MFA abuse targets SharePoint data for extortion

Source headline: New Helix vishing group emerges in SharePoint data theft attacks

Threat level High
Signal strength 75/100
Source confidence 1 source
Published 6 days ago

Intelligence Summary

A data-extortion group tracked as Helix is targeting SharePoint environments. The campaign uses identity-focused phishing techniques, including voice phishing (vishing) and device code phishing. It also relies on multi-factor authentication (MFA) abuse to obtain access and move toward data theft. Victims are likely to be organizations that store sensitive documents in Microsoft SharePoint. Organizations should review authentication logs, tighten MFA and sign-in protections, and train users to recognize vishing and consent prompts.

Recommended Action

Review affected assets, schedule urgent remediation, and monitor related indicators.

Topics

#identity-theft #sharepoint #mfa-bypass #vishing #data-extortion #device-code-phishing
Original reporting BleepingComputer New Helix vishing group emerges in SharePoint data theft attacks
Open original source