Saturday, July 11, 2026
NewsezeNews with Rewards · Earn while you read
+5 credits / query
cyber

New Helix vishing group emerges in SharePoint data theft attacks - BleepingComputer

Newseze Wire·Thu, Jul 9, 5:08 PMWire: BleepingComputer via Google News
Open original source Read full story (in-site)
New Helix vishing group emerges in SharePoint data theft attacks - BleepingComputer

New Helix vishing group emerges in SharePoint data theft attacks    BleepingComputer

Sourcing & attribution. Newseze provides AI-curated summaries, narrative framing, and editorial analysis. The underlying reporting was contributed by BleepingComputer via Google News; tap “Open original source” above to read their full reporting and support the contributing newsroom directly.

Newseze Analysis430 words · original commentary
# New Vishing Group Targets SharePoint in Corporate Data Theft Campaign Security researchers have identified an emerging threat group called Helix that is conducting targeted attacks against organizations by exploiting SharePoint environments through vishing—a social engineering technique combining voice calls with deceptive pretexting. The group appears to be leveraging human manipulation to gain initial access to corporate networks, then stealing sensitive data from Microsoft SharePoint repositories. This represents a notable shift in attack methodology, as sophisticated threat actors increasingly recognize that technical exploits often prove less reliable than convincing an employee to voluntarily grant access. Helix's operational pattern highlights a persistent vulnerability in enterprise security: the human element remains the easiest entry point for determined adversaries. Rather than investing resources in discovering software flaws or brute-forcing credentials, the group uses phone-based social engineering to impersonate IT staff, vendors, or other trusted parties, persuading employees to reveal credentials or disable security controls. Once inside, attackers access SharePoint to harvest documents, intellectual property, customer data, or financial records. This approach is notably cost-effective and scales well—it requires minimal technical sophistication but extraordinary success rates when executed professionally. Organizations with robust security awareness training and call-verification protocols experience significantly lower infection rates, yet many mid-market and enterprise environments still lack consistent employee vetting of unexpected requests. The emergence of Helix is particularly relevant given SharePoint's ubiquity in corporate environments. As a Microsoft product deeply integrated into Office 365 and on-premises deployments, SharePoint often contains an organization's most sensitive information—and employees routinely receive legitimate IT requests involving SharePoint access changes, password resets, and MFA adjustments. Threat actors exploit this normalization, banking on the reality that busy employees may not follow proper verification procedures. The initial access vector, though simple, is remarkably effective because it bypasses most perimeter defenses entirely. Organizations should recognize this pattern as part of a broader industry trend: advanced persistent threats increasingly combine low-tech social engineering with high-value targeting. The evidence suggests Helix is moderately sophisticated in operational security and victim selection, though the group's true scale and attribution remain unclear at this reporting stage. Companies relying on legacy IT practices—where employees verify requests through shared phone numbers or email addresses—face elevated risk. Conversely, organizations implementing out-of-band verification (contacting IT through known, independently verified channels) and conditional access policies on SharePoint dramatically reduce exploit success. **Worth knowing:** Vishing remains underrated as an attack vector because it doesn't appear in vulnerability lists or patch notes. Yet its consistent success rate makes it a rational choice for threat actors, and no technical control fully mitigates a persuaded employee. Reporting: BleepingComputer via Google News.
Ask Us · Any Story, Any AnswerBe the first to ask

Newseze's algorithm reads the story and answers your question — calmly, factually, with source attribution. No comments, no flame wars — just answers.

No questions yet. Be the first.

Answers reflect Newseze's editorial framework applied under fair use (17 U.S.C. § 107). Not financial, legal, medical, or tax advice. Hate speech and racial slurs are blocked.

Related stories

Exposed Hacker Server Reveals WP-SHELLSTORM Backdooring Thousands of WordPress Sites
CYBERTrending Righttrust 75
Exposed Hacker Server Reveals WP-SHELLSTORM Backdooring Thousands of WordPress Sites

Why it mattersA cybercrime crew left one of its own servers wide open on the internet for three weeks, and it exposed the operation's inner workings: the hacking tools, the activity logs, and target lists naming more than 1.4 million …

A cybercrime crew left one of its own servers wide open on the internet for three weeks, and it exposed the operation's inner workings: the hacking tools, the a…

ChellaBy Chella·14h ago
WireThe Hacker News
Full Analysis Comment PostRead →