Helix vishing and MFA abuse targets SharePoint data for extortion
Source headline: New Helix vishing group emerges in SharePoint data theft attacks
Intelligence Summary
A data-extortion group tracked as Helix is targeting SharePoint environments. The campaign uses identity-focused phishing techniques, including voice phishing (vishing) and device code phishing. It also relies on multi-factor authentication (MFA) abuse to obtain access and move toward data theft. Victims are likely to be organizations that store sensitive documents in Microsoft SharePoint. Organizations should review authentication logs, tighten MFA and sign-in protections, and train users to recognize vishing and consent prompts.
Recommended Action
Review affected assets, schedule urgent remediation, and monitor related indicators.