The parallel activity of two independent ransomware groups on the same SharePoint servers demonstrates that attackers are increasingly conducting overlapping campaigns, requiring centralized visibility across all layers.
Two independent attack groups exploited the same unpatched SharePoint server simultaneously within the same victim network, causing their traces to overlap and complicating the investigation.