Microsoft SharePoint exploited to hack multiple energy firms

• Hackers exploit SharePoint emails to steal credentials from large energy firms
• Attackers establish persistence with inbox rules and MFA tampering to maintain access
• Microsoft advises conditional access policies and phishing-resistant MFA for defense

Hackers are, once again, using SharePoint to target large energy firms, steal employee email credentials, and propagate the attack further.

This is according to a new report from Microsoft, which claims “multiple” large organizations in the energy sector were already targeted.

The attack starts from a previously compromised email account. The crooks use it for initial contact, sending a legitimate-looking email with a SharePoint link. When clicked, the link redirects the victims to a credential-harvesting website, where they are prompted to log in.