Update from 2023-12-06:
Last week, we reported on pro-Russian hacktivists scanning for vulnerable SharePoint Servers to exploit a critical vulnerability (CVE-2023-29357).
New findings suggest that the group, which calls itself “Zarya”, is undertaking various exploit attempts, including directory traversal and attacks on specific vulnerabilities in systems such as OpenWrt routers. The IP address 188.8.131.52, associated with these activities, has been observed in several different exploit attempts. In addition to simple reconnaissance, specific attacks on configuration files and admin APIs have been detected. This case re-emphasizes the importance of securing systems against such threats and shows how unprotected or poorly configured systems can become targets of such attacks.
Presumably pro-Russian attackers are trying to exploit a critical vulnerability in SharePoint (CVE-2023-29357).
The Internet Storm Center has discovered corresponding activity on its honeypots. The vulnerability is rated critical (a score of 9.8 out of 10), and the attack complexity is very low, making it particularly dangerous. Greenbone customers can benefit from the automatic detection of this vulnerability in our Enterprise Feed. Microsoft has offered a security update since June 12, 2023; Microsoft customers who missed the update should install it now.