Obsidian Discovers Successful Ransomware Attack Targeting SharePoint Online

Obsidian is a cybersecurity firm specializing in providing protection to individuals and businesses against all forms of cyber threats. Recently, they documented a successful ransomware attack on Sharepoint Online (Microsoft 365). The attack was carried out by hackers exploiting a Microsoft Global SaaS admin account, deviating from the standard compromised endpoint method. The victim sought assistance from Obsidian’s product and research team to investigate the attack, comprehensively understand the damage done, and resolve the situation’s outcomes. This article explores the attack in-depth, including the attacker’s methods, purposes, and potential consequences.

Description of the attack on SharePoint Online

The attackers used a new technique to exploit a Microsoft Global admin account and infiltrate SharePoint Online. Their use of this type of account suggests that they are highly experienced in cybersecurity, as it is much more challenging to gain access through an admin account. After infiltrating the online data storage system, the attackers installed ransomware on the system, which then started infecting the entire database.

Obsidian’s investigation into the cyberattack revealed strong evidence of the notorious Omega Group’s involvement. However, the victim’s identity was not disclosed to the public. If Omega is indeed the liable party, the data leak site could potentially disclose the victim’s identity if they do not fulfill the ransom demands. The Omega Group is one of the most notorious hacking groups in the world, known for their high level of sophistication, extensive experience, and previous attacks on major companies.

In just two hours, the attackers systematically eliminated over 220 administrators, leaving a trail of authority voids in their path. This was achieved in a highly organized and rapid manner, leaving little chance for the victim to detect the attack before significant damage had already been done. This significant blow to the system affected a wide range of business operations, leading to an investigation of all operations to identify the scope of the damage caused.

The stolen files had two purposes: first, to notify the victim about the theft and second, to establish a communication channel with the attackers. The attackers would try to negotiate payment to prevent the disclosure of sensitive information. They would threaten to publish sensitive and confidential information, such as intellectual property, sensitive data, and financial records, thus harming the victim’s reputation and causing significant financial loss.

Future scenarios and interest in using the capability again

The attackers have shown a strong interest in using this capability in future scenarios and have dedicated time to constructing automation, specifically for this attack. The fact that the attackers are now interested in using the capability again and developing it further is a clear indication that businesses should focus on taking proactive measures to safeguard their data continuously.

A growing trend in the hacking community is to rely more heavily on data theft instead of combining it with encryption. This trend has emerged due to the increasing vulnerability of encryption software, which is tempting attackers to shift their focus from encrypting to only stealing sensitive data. Attackers are now also looking to encrypt data if the victim has proactively attempted to secure their data.

Consequences of not fulfilling ransom demands

If the victim does not fulfill the ransom demands, the consequences are severe. The attackers could sell the stolen data on the dark web, potentially causing significant legal problems for the victim. This could lead to public relations damage, regulatory fines, intellectual property loss, and lawsuits.

To effectively manage risks, it is strongly recommended to enhance SaaS controls, mitigate excessive privileges, and revoke unauthorized integrations that may pose a high risk. Additionally, improving SaaS security posture through the use of multi-factor authentication, continuous monitoring, and thorough staff training can be helpful. The use of an external cybersecurity team can also provide a proactive measure against such attacks.

The SharePoint Online ransomware attack is a clear indication that businesses and individuals need to stay vigilant, collaborate with expert cybersecurity firms, and stay informed about cybersecurity developments. Hacking is an ever-evolving field, and businesses need to stay ahead of attackers to mitigate risks effectively. Proactive measures aimed at protecting sensitive information should always remain a top priority.

Explore more

Can a Unified ERP System Future-Proof Levi Strauss?

Establishing a seamless digital environment for a brand that spans over a hundred nations is a monumental undertaking that requires more than just standard software updates. Currently, Levi Strauss & Co. is navigating a profound transformation of its digital infrastructure, aiming for a mid-2027 completion of a fully integrated global enterprise resource planning system. This strategic overhaul is not merely

Ethereum Faces $10 Billion Liquidation Risk Near $2,000

The current trajectory of Ethereum suggests a massive collision between aggressive retail speculation and sophisticated institutional sell-side pressure as the asset hovers near the $2,000 psychological threshold. This specific price point has historically served as a pivot for broader market sentiment, influencing the behavior of various decentralized finance protocols and secondary layer-two scaling solutions. Currently, the market exhibits a state

Stalled Windows 11 Migration Poses Growing Security Risks

The global landscape of enterprise computing is currently grappling with a persistent digital divide as a significant segment of users continues to rely on Windows 10 despite the availability of more secure alternatives. The current ecosystem of digital infrastructure remains tethered to legacy architecture, with recent telemetry indicating that approximately one in six workstations worldwide continues to operate on Windows

Is Agentic AI the Key to Scaling Enterprise Automation?

Large-scale enterprises are currently grappling with a fundamental paradox where significant investments in artificial intelligence have yielded impressive pilot results but failed to trigger a broader systemic transformation across their global operations. While many organizations have successfully experimented with various AI models in specific silos, they often struggle to scale these technologies effectively across their complex, interconnected departments. This disconnect

VodafoneThree Drives 5G Innovation With Network Automation

The rapid expansion of 5G Standalone infrastructure across the United Kingdom has necessitated a fundamental shift in how telecommunications giants manage the increasing complexity of modern cellular traffic. As VodafoneThree consolidates its dominant market position throughout 2026, the implementation of sophisticated network automation tools has transitioned from a competitive advantage to an absolute operational necessity. By moving away from legacy