{"id":14278,"date":"2026-07-14T10:03:45","date_gmt":"2026-07-14T10:03:45","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/07\/14\/turla-hackers-exploit-sharepoint-flaw-to-access-thousands-of-french-user-accounts\/"},"modified":"2026-07-14T10:03:45","modified_gmt":"2026-07-14T10:03:45","slug":"turla-hackers-exploit-sharepoint-flaw-to-access-thousands-of-french-user-accounts","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/07\/14\/turla-hackers-exploit-sharepoint-flaw-to-access-thousands-of-french-user-accounts\/","title":{"rendered":"Turla Hackers Exploit SharePoint Flaw to Access Thousands of French User Accounts"},"content":{"rendered":"<p>    Turla Hackers Exploit SharePoint Flaw to Access Thousands of French User Accounts<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p class=\"wp-block-paragraph\">Turla, a long-running cyber espionage operation linked by French authorities to Russia\u2019s Federal Security Service, has again drawn attention after investigators detailed compromises affecting French organizations. <\/p>\n<p class=\"wp-block-paragraph\">The group has been active for more than two decades and is known for quietly stealing sensitive information from government, diplomatic, defense, justice, and technology targets.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/22a6425f-9a8f-4f1b-9af5-a6be839dfcd4\/Turla-Hackers-Exploit-SharePoint-Flaw-to-Access-Thousands-of-French-User-Accounts.pdf?AWSAccessKeyId=ASIA2F3EMEYESU4QKC4Z&amp;Signature=yA7vOhSz1z4rGx6WzOOcEUFNJuA%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEDgaCXVzLWVhc3QtMSJHMEUCIQDE0tC6WS9Mj3XeqM%2Fop9Wy2WBCVaavn33SIlPZR747uAIgOsfKmWKpSn93M%2F7ITDS62aSIEFiulut7VjXlIopoXmsq8wQIARABGgw2OTk3NTMzMDk3MDUiDAmyj6MU6bNGO08zpyrQBIN71cYAuJvFn4s9PwesSsTSv1Kt7IbtaJVS7NQZazx0BZjuwnEvdjLVjbC6YqZ%2BRXGIXgnPRcjSvDH7QmAMFMF6cvMHfgT4KosnhibZN64%2BhzQsNAxrplvx025ZBxThizzTShktJwUSn3mImsvBT6Qv%2BcKTpyNYlnPsm0%2BNn42FGZNA6Lblg4OYZd%2BWcnruZLGgLFwERgrT79%2FuKUJT3LsS24Ol9gbQ0cylLojQ7H7IN9vzewQCd4GkEyFMFGwwj68m4sVj%2B5rcNbXSJDZkJ48YBqBG27EDdprxSA3fRJ8jdacHE0KP3RsQf7IDJUwPJdc6%2B8upEhL92ue7xCtmYry6goCVdJR9xh3WUtrT6E9wFoLmkI%2FOKqIC9WMh94%2ByhlOGBLe4fXdLDv92W7u9%2BlQazK7M0pFk9c%2Fn5PbeMigw9HjYQ0DBkS4EGFCRn8RnMUPQE8IWLfA3jEH4fs64FW0HluUwrbTfSYP8xWWDdIf4gjPJ1C6kgKuuhhxNkAX3ggHMWyRJl2vU%2BwFO8DHlbh18meOI5HxO7i2UtVFCXAxwVTm1v6z31%2BBjyRHjf2i8ncUGLBfPRF%2Bl%2FnGVmXACEkjyFdOc6K9Vgwv8oRqLvp8%2Fzhity82mPDZw3wwlphH1n9AE831bmy5qr9DaNfNb1Vu3eU1Qq21TG50WIY8k124y%2FeZODuEfHU%2FCVQmw8Vny0KzpPbJtl0Vl06NVIcfZijmgH%2BF109aim1bxbEEOjhWId%2FQzrj2ntqLir9PzyUFUhNUcxR5ZeiKNmFivsHQgTyMwponU0gY6mAHFMujNK5oXG8u%2FbFI3nP9Qs0K0xg3FYtMD0wMShuHoDUBdEzY5dL%2BCge5ZJIP0WIDrTvueP3uHAf2W1Kqa%2B4DEXdjGcdR1eqPnjN1y1XAuLq4kpePZy1wfgbYTI8pGIkbLUHdD2EYXk66tLxo4uoTjjnLjdzuoYTLdVph%2Fhc99CurvSEIRGDR96T389rs0cC8hrxpbXGIBkA%3D%3D&amp;Expires=1783960185\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">Rather than relying on one method, Turla operators have used phishing emails, infected websites, vulnerable internet-facing systems, and compromised network equipment to gain a foothold. <\/p>\n<p class=\"wp-block-paragraph\">Their campaigns can begin with a seemingly harmless file or a weakly protected server, then expand into deeper access across an organization\u2019s network.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/22a6425f-9a8f-4f1b-9af5-a6be839dfcd4\/Turla-Hackers-Exploit-SharePoint-Flaw-to-Access-Thousands-of-French-User-Accounts.pdf?AWSAccessKeyId=ASIA2F3EMEYESU4QKC4Z&amp;Signature=yA7vOhSz1z4rGx6WzOOcEUFNJuA%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEDgaCXVzLWVhc3QtMSJHMEUCIQDE0tC6WS9Mj3XeqM%2Fop9Wy2WBCVaavn33SIlPZR747uAIgOsfKmWKpSn93M%2F7ITDS62aSIEFiulut7VjXlIopoXmsq8wQIARABGgw2OTk3NTMzMDk3MDUiDAmyj6MU6bNGO08zpyrQBIN71cYAuJvFn4s9PwesSsTSv1Kt7IbtaJVS7NQZazx0BZjuwnEvdjLVjbC6YqZ%2BRXGIXgnPRcjSvDH7QmAMFMF6cvMHfgT4KosnhibZN64%2BhzQsNAxrplvx025ZBxThizzTShktJwUSn3mImsvBT6Qv%2BcKTpyNYlnPsm0%2BNn42FGZNA6Lblg4OYZd%2BWcnruZLGgLFwERgrT79%2FuKUJT3LsS24Ol9gbQ0cylLojQ7H7IN9vzewQCd4GkEyFMFGwwj68m4sVj%2B5rcNbXSJDZkJ48YBqBG27EDdprxSA3fRJ8jdacHE0KP3RsQf7IDJUwPJdc6%2B8upEhL92ue7xCtmYry6goCVdJR9xh3WUtrT6E9wFoLmkI%2FOKqIC9WMh94%2ByhlOGBLe4fXdLDv92W7u9%2BlQazK7M0pFk9c%2Fn5PbeMigw9HjYQ0DBkS4EGFCRn8RnMUPQE8IWLfA3jEH4fs64FW0HluUwrbTfSYP8xWWDdIf4gjPJ1C6kgKuuhhxNkAX3ggHMWyRJl2vU%2BwFO8DHlbh18meOI5HxO7i2UtVFCXAxwVTm1v6z31%2BBjyRHjf2i8ncUGLBfPRF%2Bl%2FnGVmXACEkjyFdOc6K9Vgwv8oRqLvp8%2Fzhity82mPDZw3wwlphH1n9AE831bmy5qr9DaNfNb1Vu3eU1Qq21TG50WIY8k124y%2FeZODuEfHU%2FCVQmw8Vny0KzpPbJtl0Vl06NVIcfZijmgH%2BF109aim1bxbEEOjhWId%2FQzrj2ntqLir9PzyUFUhNUcxR5ZeiKNmFivsHQgTyMwponU0gY6mAHFMujNK5oXG8u%2FbFI3nP9Qs0K0xg3FYtMD0wMShuHoDUBdEzY5dL%2BCge5ZJIP0WIDrTvueP3uHAf2W1Kqa%2B4DEXdjGcdR1eqPnjN1y1XAuLq4kpePZy1wfgbYTI8pGIkbLUHdD2EYXk66tLxo4uoTjjnLjdzuoYTLdVph%2Fhc99CurvSEIRGDR96T389rs0cC8hrxpbXGIBkA%3D%3D&amp;Expires=1783960185\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\"> Members of France\u2019s Cyber Crisis Coordination Center, known as C4 and <a href=\"https:\/\/www.cert.ssi.gouv.fr\/uploads\/CERTFR-2026-CTI-005.pdf\" data-type=\"link\" data-id=\"https:\/\/www.cert.ssi.gouv.fr\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CERT-FR\u00a0said in a report<\/a> shared with Cyber Security News (CSN) that they identified activity tied to the Turla intrusion set against French entities. <\/p>\n<p class=\"wp-block-paragraph\">The findings show that the campaign was not limited to high-profile government networks, as ordinary businesses, associations, and individuals were also used as stepping stones in the attackers\u2019 infrastructure.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/22a6425f-9a8f-4f1b-9af5-a6be839dfcd4\/Turla-Hackers-Exploit-SharePoint-Flaw-to-Access-Thousands-of-French-User-Accounts.pdf?AWSAccessKeyId=ASIA2F3EMEYESU4QKC4Z&amp;Signature=yA7vOhSz1z4rGx6WzOOcEUFNJuA%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEDgaCXVzLWVhc3QtMSJHMEUCIQDE0tC6WS9Mj3XeqM%2Fop9Wy2WBCVaavn33SIlPZR747uAIgOsfKmWKpSn93M%2F7ITDS62aSIEFiulut7VjXlIopoXmsq8wQIARABGgw2OTk3NTMzMDk3MDUiDAmyj6MU6bNGO08zpyrQBIN71cYAuJvFn4s9PwesSsTSv1Kt7IbtaJVS7NQZazx0BZjuwnEvdjLVjbC6YqZ%2BRXGIXgnPRcjSvDH7QmAMFMF6cvMHfgT4KosnhibZN64%2BhzQsNAxrplvx025ZBxThizzTShktJwUSn3mImsvBT6Qv%2BcKTpyNYlnPsm0%2BNn42FGZNA6Lblg4OYZd%2BWcnruZLGgLFwERgrT79%2FuKUJT3LsS24Ol9gbQ0cylLojQ7H7IN9vzewQCd4GkEyFMFGwwj68m4sVj%2B5rcNbXSJDZkJ48YBqBG27EDdprxSA3fRJ8jdacHE0KP3RsQf7IDJUwPJdc6%2B8upEhL92ue7xCtmYry6goCVdJR9xh3WUtrT6E9wFoLmkI%2FOKqIC9WMh94%2ByhlOGBLe4fXdLDv92W7u9%2BlQazK7M0pFk9c%2Fn5PbeMigw9HjYQ0DBkS4EGFCRn8RnMUPQE8IWLfA3jEH4fs64FW0HluUwrbTfSYP8xWWDdIf4gjPJ1C6kgKuuhhxNkAX3ggHMWyRJl2vU%2BwFO8DHlbh18meOI5HxO7i2UtVFCXAxwVTm1v6z31%2BBjyRHjf2i8ncUGLBfPRF%2Bl%2FnGVmXACEkjyFdOc6K9Vgwv8oRqLvp8%2Fzhity82mPDZw3wwlphH1n9AE831bmy5qr9DaNfNb1Vu3eU1Qq21TG50WIY8k124y%2FeZODuEfHU%2FCVQmw8Vny0KzpPbJtl0Vl06NVIcfZijmgH%2BF109aim1bxbEEOjhWId%2FQzrj2ntqLir9PzyUFUhNUcxR5ZeiKNmFivsHQgTyMwponU0gY6mAHFMujNK5oXG8u%2FbFI3nP9Qs0K0xg3FYtMD0wMShuHoDUBdEzY5dL%2BCge5ZJIP0WIDrTvueP3uHAf2W1Kqa%2B4DEXdjGcdR1eqPnjN1y1XAuLq4kpePZy1wfgbYTI8pGIkbLUHdD2EYXk66tLxo4uoTjjnLjdzuoYTLdVph%2Fhc99CurvSEIRGDR96T389rs0cC8hrxpbXGIBkA%3D%3D&amp;Expires=1783960185\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">The most serious cases involved systems holding sensitive communications and user data. <\/p>\n<p class=\"wp-block-paragraph\">Turla has targeted Windows, Linux, and macOS environments, along with email platforms, web browsers, business applications, and web servers, giving the group a broad path into organizations that depend on common enterprise tools.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/22a6425f-9a8f-4f1b-9af5-a6be839dfcd4\/Turla-Hackers-Exploit-SharePoint-Flaw-to-Access-Thousands-of-French-User-Accounts.pdf?AWSAccessKeyId=ASIA2F3EMEYESU4QKC4Z&amp;Signature=yA7vOhSz1z4rGx6WzOOcEUFNJuA%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEDgaCXVzLWVhc3QtMSJHMEUCIQDE0tC6WS9Mj3XeqM%2Fop9Wy2WBCVaavn33SIlPZR747uAIgOsfKmWKpSn93M%2F7ITDS62aSIEFiulut7VjXlIopoXmsq8wQIARABGgw2OTk3NTMzMDk3MDUiDAmyj6MU6bNGO08zpyrQBIN71cYAuJvFn4s9PwesSsTSv1Kt7IbtaJVS7NQZazx0BZjuwnEvdjLVjbC6YqZ%2BRXGIXgnPRcjSvDH7QmAMFMF6cvMHfgT4KosnhibZN64%2BhzQsNAxrplvx025ZBxThizzTShktJwUSn3mImsvBT6Qv%2BcKTpyNYlnPsm0%2BNn42FGZNA6Lblg4OYZd%2BWcnruZLGgLFwERgrT79%2FuKUJT3LsS24Ol9gbQ0cylLojQ7H7IN9vzewQCd4GkEyFMFGwwj68m4sVj%2B5rcNbXSJDZkJ48YBqBG27EDdprxSA3fRJ8jdacHE0KP3RsQf7IDJUwPJdc6%2B8upEhL92ue7xCtmYry6goCVdJR9xh3WUtrT6E9wFoLmkI%2FOKqIC9WMh94%2ByhlOGBLe4fXdLDv92W7u9%2BlQazK7M0pFk9c%2Fn5PbeMigw9HjYQ0DBkS4EGFCRn8RnMUPQE8IWLfA3jEH4fs64FW0HluUwrbTfSYP8xWWDdIf4gjPJ1C6kgKuuhhxNkAX3ggHMWyRJl2vU%2BwFO8DHlbh18meOI5HxO7i2UtVFCXAxwVTm1v6z31%2BBjyRHjf2i8ncUGLBfPRF%2Bl%2FnGVmXACEkjyFdOc6K9Vgwv8oRqLvp8%2Fzhity82mPDZw3wwlphH1n9AE831bmy5qr9DaNfNb1Vu3eU1Qq21TG50WIY8k124y%2FeZODuEfHU%2FCVQmw8Vny0KzpPbJtl0Vl06NVIcfZijmgH%2BF109aim1bxbEEOjhWId%2FQzrj2ntqLir9PzyUFUhNUcxR5ZeiKNmFivsHQgTyMwponU0gY6mAHFMujNK5oXG8u%2FbFI3nP9Qs0K0xg3FYtMD0wMShuHoDUBdEzY5dL%2BCge5ZJIP0WIDrTvueP3uHAf2W1Kqa%2B4DEXdjGcdR1eqPnjN1y1XAuLq4kpePZy1wfgbYTI8pGIkbLUHdD2EYXk66tLxo4uoTjjnLjdzuoYTLdVph%2Fhc99CurvSEIRGDR96T389rs0cC8hrxpbXGIBkA%3D%3D&amp;Expires=1783960185\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<h2 id=\"h-turla-hackers-exploit-sharepoint-flaw\" class=\"wp-block-heading\"><strong>Turla Hackers Exploit SharePoint Flaw<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">In 2019, investigators learned that <a href=\"https:\/\/cybersecuritynews.com\/new-turla-crutch-backdoor\/\" data-type=\"post\" data-id=\"4163\" target=\"_blank\" rel=\"noreferrer noopener\">Turla operators had compromised a server<\/a> belonging to a French justice-sector organization. <\/p>\n<p class=\"wp-block-paragraph\">The server hosted a continuing-education service for staff, making it a valuable point of entry into an environment connected to a large number of users.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/22a6425f-9a8f-4f1b-9af5-a6be839dfcd4\/Turla-Hackers-Exploit-SharePoint-Flaw-to-Access-Thousands-of-French-User-Accounts.pdf?AWSAccessKeyId=ASIA2F3EMEYESU4QKC4Z&amp;Signature=yA7vOhSz1z4rGx6WzOOcEUFNJuA%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEDgaCXVzLWVhc3QtMSJHMEUCIQDE0tC6WS9Mj3XeqM%2Fop9Wy2WBCVaavn33SIlPZR747uAIgOsfKmWKpSn93M%2F7ITDS62aSIEFiulut7VjXlIopoXmsq8wQIARABGgw2OTk3NTMzMDk3MDUiDAmyj6MU6bNGO08zpyrQBIN71cYAuJvFn4s9PwesSsTSv1Kt7IbtaJVS7NQZazx0BZjuwnEvdjLVjbC6YqZ%2BRXGIXgnPRcjSvDH7QmAMFMF6cvMHfgT4KosnhibZN64%2BhzQsNAxrplvx025ZBxThizzTShktJwUSn3mImsvBT6Qv%2BcKTpyNYlnPsm0%2BNn42FGZNA6Lblg4OYZd%2BWcnruZLGgLFwERgrT79%2FuKUJT3LsS24Ol9gbQ0cylLojQ7H7IN9vzewQCd4GkEyFMFGwwj68m4sVj%2B5rcNbXSJDZkJ48YBqBG27EDdprxSA3fRJ8jdacHE0KP3RsQf7IDJUwPJdc6%2B8upEhL92ue7xCtmYry6goCVdJR9xh3WUtrT6E9wFoLmkI%2FOKqIC9WMh94%2ByhlOGBLe4fXdLDv92W7u9%2BlQazK7M0pFk9c%2Fn5PbeMigw9HjYQ0DBkS4EGFCRn8RnMUPQE8IWLfA3jEH4fs64FW0HluUwrbTfSYP8xWWDdIf4gjPJ1C6kgKuuhhxNkAX3ggHMWyRJl2vU%2BwFO8DHlbh18meOI5HxO7i2UtVFCXAxwVTm1v6z31%2BBjyRHjf2i8ncUGLBfPRF%2Bl%2FnGVmXACEkjyFdOc6K9Vgwv8oRqLvp8%2Fzhity82mPDZw3wwlphH1n9AE831bmy5qr9DaNfNb1Vu3eU1Qq21TG50WIY8k124y%2FeZODuEfHU%2FCVQmw8Vny0KzpPbJtl0Vl06NVIcfZijmgH%2BF109aim1bxbEEOjhWId%2FQzrj2ntqLir9PzyUFUhNUcxR5ZeiKNmFivsHQgTyMwponU0gY6mAHFMujNK5oXG8u%2FbFI3nP9Qs0K0xg3FYtMD0wMShuHoDUBdEzY5dL%2BCge5ZJIP0WIDrTvueP3uHAf2W1Kqa%2B4DEXdjGcdR1eqPnjN1y1XAuLq4kpePZy1wfgbYTI8pGIkbLUHdD2EYXk66tLxo4uoTjjnLjdzuoYTLdVph%2Fhc99CurvSEIRGDR96T389rs0cC8hrxpbXGIBkA%3D%3D&amp;Expires=1783960185\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">The attackers exploited a vulnerability connected to Microsoft SharePoint and installed malware on the affected server. <\/p>\n<p class=\"wp-block-paragraph\">C4 investigators concluded that the operation may have given the attackers access to information associated with several thousand user accounts, underlining how one exposed collaboration platform can create a much wider privacy and security problem.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/22a6425f-9a8f-4f1b-9af5-a6be839dfcd4\/Turla-Hackers-Exploit-SharePoint-Flaw-to-Access-Thousands-of-French-User-Accounts.pdf?AWSAccessKeyId=ASIA2F3EMEYESU4QKC4Z&amp;Signature=yA7vOhSz1z4rGx6WzOOcEUFNJuA%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEDgaCXVzLWVhc3QtMSJHMEUCIQDE0tC6WS9Mj3XeqM%2Fop9Wy2WBCVaavn33SIlPZR747uAIgOsfKmWKpSn93M%2F7ITDS62aSIEFiulut7VjXlIopoXmsq8wQIARABGgw2OTk3NTMzMDk3MDUiDAmyj6MU6bNGO08zpyrQBIN71cYAuJvFn4s9PwesSsTSv1Kt7IbtaJVS7NQZazx0BZjuwnEvdjLVjbC6YqZ%2BRXGIXgnPRcjSvDH7QmAMFMF6cvMHfgT4KosnhibZN64%2BhzQsNAxrplvx025ZBxThizzTShktJwUSn3mImsvBT6Qv%2BcKTpyNYlnPsm0%2BNn42FGZNA6Lblg4OYZd%2BWcnruZLGgLFwERgrT79%2FuKUJT3LsS24Ol9gbQ0cylLojQ7H7IN9vzewQCd4GkEyFMFGwwj68m4sVj%2B5rcNbXSJDZkJ48YBqBG27EDdprxSA3fRJ8jdacHE0KP3RsQf7IDJUwPJdc6%2B8upEhL92ue7xCtmYry6goCVdJR9xh3WUtrT6E9wFoLmkI%2FOKqIC9WMh94%2ByhlOGBLe4fXdLDv92W7u9%2BlQazK7M0pFk9c%2Fn5PbeMigw9HjYQ0DBkS4EGFCRn8RnMUPQE8IWLfA3jEH4fs64FW0HluUwrbTfSYP8xWWDdIf4gjPJ1C6kgKuuhhxNkAX3ggHMWyRJl2vU%2BwFO8DHlbh18meOI5HxO7i2UtVFCXAxwVTm1v6z31%2BBjyRHjf2i8ncUGLBfPRF%2Bl%2FnGVmXACEkjyFdOc6K9Vgwv8oRqLvp8%2Fzhity82mPDZw3wwlphH1n9AE831bmy5qr9DaNfNb1Vu3eU1Qq21TG50WIY8k124y%2FeZODuEfHU%2FCVQmw8Vny0KzpPbJtl0Vl06NVIcfZijmgH%2BF109aim1bxbEEOjhWId%2FQzrj2ntqLir9PzyUFUhNUcxR5ZeiKNmFivsHQgTyMwponU0gY6mAHFMujNK5oXG8u%2FbFI3nP9Qs0K0xg3FYtMD0wMShuHoDUBdEzY5dL%2BCge5ZJIP0WIDrTvueP3uHAf2W1Kqa%2B4DEXdjGcdR1eqPnjN1y1XAuLq4kpePZy1wfgbYTI8pGIkbLUHdD2EYXk66tLxo4uoTjjnLjdzuoYTLdVph%2Fhc99CurvSEIRGDR96T389rs0cC8hrxpbXGIBkA%3D%3D&amp;Expires=1783960185\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">Turla-linked operations have affected French ministries, diplomatic organizations, defense bodies, justice-sector entities, and technology companies since the 2010s. <\/p>\n<p class=\"wp-block-paragraph\">The report also describes intermediate victims whose systems were taken over and reused as hidden relays for later attacks.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/22a6425f-9a8f-4f1b-9af5-a6be839dfcd4\/Turla-Hackers-Exploit-SharePoint-Flaw-to-Access-Thousands-of-French-User-Accounts.pdf?AWSAccessKeyId=ASIA2F3EMEYESU4QKC4Z&amp;Signature=yA7vOhSz1z4rGx6WzOOcEUFNJuA%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEDgaCXVzLWVhc3QtMSJHMEUCIQDE0tC6WS9Mj3XeqM%2Fop9Wy2WBCVaavn33SIlPZR747uAIgOsfKmWKpSn93M%2F7ITDS62aSIEFiulut7VjXlIopoXmsq8wQIARABGgw2OTk3NTMzMDk3MDUiDAmyj6MU6bNGO08zpyrQBIN71cYAuJvFn4s9PwesSsTSv1Kt7IbtaJVS7NQZazx0BZjuwnEvdjLVjbC6YqZ%2BRXGIXgnPRcjSvDH7QmAMFMF6cvMHfgT4KosnhibZN64%2BhzQsNAxrplvx025ZBxThizzTShktJwUSn3mImsvBT6Qv%2BcKTpyNYlnPsm0%2BNn42FGZNA6Lblg4OYZd%2BWcnruZLGgLFwERgrT79%2FuKUJT3LsS24Ol9gbQ0cylLojQ7H7IN9vzewQCd4GkEyFMFGwwj68m4sVj%2B5rcNbXSJDZkJ48YBqBG27EDdprxSA3fRJ8jdacHE0KP3RsQf7IDJUwPJdc6%2B8upEhL92ue7xCtmYry6goCVdJR9xh3WUtrT6E9wFoLmkI%2FOKqIC9WMh94%2ByhlOGBLe4fXdLDv92W7u9%2BlQazK7M0pFk9c%2Fn5PbeMigw9HjYQ0DBkS4EGFCRn8RnMUPQE8IWLfA3jEH4fs64FW0HluUwrbTfSYP8xWWDdIf4gjPJ1C6kgKuuhhxNkAX3ggHMWyRJl2vU%2BwFO8DHlbh18meOI5HxO7i2UtVFCXAxwVTm1v6z31%2BBjyRHjf2i8ncUGLBfPRF%2Bl%2FnGVmXACEkjyFdOc6K9Vgwv8oRqLvp8%2Fzhity82mPDZw3wwlphH1n9AE831bmy5qr9DaNfNb1Vu3eU1Qq21TG50WIY8k124y%2FeZODuEfHU%2FCVQmw8Vny0KzpPbJtl0Vl06NVIcfZijmgH%2BF109aim1bxbEEOjhWId%2FQzrj2ntqLir9PzyUFUhNUcxR5ZeiKNmFivsHQgTyMwponU0gY6mAHFMujNK5oXG8u%2FbFI3nP9Qs0K0xg3FYtMD0wMShuHoDUBdEzY5dL%2BCge5ZJIP0WIDrTvueP3uHAf2W1Kqa%2B4DEXdjGcdR1eqPnjN1y1XAuLq4kpePZy1wfgbYTI8pGIkbLUHdD2EYXk66tLxo4uoTjjnLjdzuoYTLdVph%2Fhc99CurvSEIRGDR96T389rs0cC8hrxpbXGIBkA%3D%3D&amp;Expires=1783960185\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">This approach makes an incident harder to spot because a compromised organization may not be the attackers\u2019 final target. <\/p>\n<p class=\"wp-block-paragraph\">A server, website, or device can be turned into a temporary launch point, helping <a href=\"https:\/\/cybersecuritynews.com\/hackers-use-systembc-malware-to-hide-c2-traffic\/\" data-type=\"post\" data-id=\"154221\" target=\"_blank\" rel=\"noreferrer noopener\">operators blend into legitimate network traffic<\/a> while they pursue information from another victim.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/22a6425f-9a8f-4f1b-9af5-a6be839dfcd4\/Turla-Hackers-Exploit-SharePoint-Flaw-to-Access-Thousands-of-French-User-Accounts.pdf?AWSAccessKeyId=ASIA2F3EMEYESU4QKC4Z&amp;Signature=yA7vOhSz1z4rGx6WzOOcEUFNJuA%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEDgaCXVzLWVhc3QtMSJHMEUCIQDE0tC6WS9Mj3XeqM%2Fop9Wy2WBCVaavn33SIlPZR747uAIgOsfKmWKpSn93M%2F7ITDS62aSIEFiulut7VjXlIopoXmsq8wQIARABGgw2OTk3NTMzMDk3MDUiDAmyj6MU6bNGO08zpyrQBIN71cYAuJvFn4s9PwesSsTSv1Kt7IbtaJVS7NQZazx0BZjuwnEvdjLVjbC6YqZ%2BRXGIXgnPRcjSvDH7QmAMFMF6cvMHfgT4KosnhibZN64%2BhzQsNAxrplvx025ZBxThizzTShktJwUSn3mImsvBT6Qv%2BcKTpyNYlnPsm0%2BNn42FGZNA6Lblg4OYZd%2BWcnruZLGgLFwERgrT79%2FuKUJT3LsS24Ol9gbQ0cylLojQ7H7IN9vzewQCd4GkEyFMFGwwj68m4sVj%2B5rcNbXSJDZkJ48YBqBG27EDdprxSA3fRJ8jdacHE0KP3RsQf7IDJUwPJdc6%2B8upEhL92ue7xCtmYry6goCVdJR9xh3WUtrT6E9wFoLmkI%2FOKqIC9WMh94%2ByhlOGBLe4fXdLDv92W7u9%2BlQazK7M0pFk9c%2Fn5PbeMigw9HjYQ0DBkS4EGFCRn8RnMUPQE8IWLfA3jEH4fs64FW0HluUwrbTfSYP8xWWDdIf4gjPJ1C6kgKuuhhxNkAX3ggHMWyRJl2vU%2BwFO8DHlbh18meOI5HxO7i2UtVFCXAxwVTm1v6z31%2BBjyRHjf2i8ncUGLBfPRF%2Bl%2FnGVmXACEkjyFdOc6K9Vgwv8oRqLvp8%2Fzhity82mPDZw3wwlphH1n9AE831bmy5qr9DaNfNb1Vu3eU1Qq21TG50WIY8k124y%2FeZODuEfHU%2FCVQmw8Vny0KzpPbJtl0Vl06NVIcfZijmgH%2BF109aim1bxbEEOjhWId%2FQzrj2ntqLir9PzyUFUhNUcxR5ZeiKNmFivsHQgTyMwponU0gY6mAHFMujNK5oXG8u%2FbFI3nP9Qs0K0xg3FYtMD0wMShuHoDUBdEzY5dL%2BCge5ZJIP0WIDrTvueP3uHAf2W1Kqa%2B4DEXdjGcdR1eqPnjN1y1XAuLq4kpePZy1wfgbYTI8pGIkbLUHdD2EYXk66tLxo4uoTjjnLjdzuoYTLdVph%2Fhc99CurvSEIRGDR96T389rs0cC8hrxpbXGIBkA%3D%3D&amp;Expires=1783960185\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<h2 id=\"h-a-persistent-espionage-operation\" class=\"wp-block-heading\"><strong>A Persistent Espionage Operation<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">Turla is associated with a collection of custom malware families, including Uroburos, also called Snake, and Kazuar. <\/p>\n<p class=\"wp-block-paragraph\">Researchers noted that Kazuar has continued to evolve and remained in use in 2026, while Turla operators also use publicly available tools such as Mimikatz and Metasploit when they help the intrusion blend into normal administrative activity.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/22a6425f-9a8f-4f1b-9af5-a6be839dfcd4\/Turla-Hackers-Exploit-SharePoint-Flaw-to-Access-Thousands-of-French-User-Accounts.pdf?AWSAccessKeyId=ASIA2F3EMEYESU4QKC4Z&amp;Signature=yA7vOhSz1z4rGx6WzOOcEUFNJuA%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEDgaCXVzLWVhc3QtMSJHMEUCIQDE0tC6WS9Mj3XeqM%2Fop9Wy2WBCVaavn33SIlPZR747uAIgOsfKmWKpSn93M%2F7ITDS62aSIEFiulut7VjXlIopoXmsq8wQIARABGgw2OTk3NTMzMDk3MDUiDAmyj6MU6bNGO08zpyrQBIN71cYAuJvFn4s9PwesSsTSv1Kt7IbtaJVS7NQZazx0BZjuwnEvdjLVjbC6YqZ%2BRXGIXgnPRcjSvDH7QmAMFMF6cvMHfgT4KosnhibZN64%2BhzQsNAxrplvx025ZBxThizzTShktJwUSn3mImsvBT6Qv%2BcKTpyNYlnPsm0%2BNn42FGZNA6Lblg4OYZd%2BWcnruZLGgLFwERgrT79%2FuKUJT3LsS24Ol9gbQ0cylLojQ7H7IN9vzewQCd4GkEyFMFGwwj68m4sVj%2B5rcNbXSJDZkJ48YBqBG27EDdprxSA3fRJ8jdacHE0KP3RsQf7IDJUwPJdc6%2B8upEhL92ue7xCtmYry6goCVdJR9xh3WUtrT6E9wFoLmkI%2FOKqIC9WMh94%2ByhlOGBLe4fXdLDv92W7u9%2BlQazK7M0pFk9c%2Fn5PbeMigw9HjYQ0DBkS4EGFCRn8RnMUPQE8IWLfA3jEH4fs64FW0HluUwrbTfSYP8xWWDdIf4gjPJ1C6kgKuuhhxNkAX3ggHMWyRJl2vU%2BwFO8DHlbh18meOI5HxO7i2UtVFCXAxwVTm1v6z31%2BBjyRHjf2i8ncUGLBfPRF%2Bl%2FnGVmXACEkjyFdOc6K9Vgwv8oRqLvp8%2Fzhity82mPDZw3wwlphH1n9AE831bmy5qr9DaNfNb1Vu3eU1Qq21TG50WIY8k124y%2FeZODuEfHU%2FCVQmw8Vny0KzpPbJtl0Vl06NVIcfZijmgH%2BF109aim1bxbEEOjhWId%2FQzrj2ntqLir9PzyUFUhNUcxR5ZeiKNmFivsHQgTyMwponU0gY6mAHFMujNK5oXG8u%2FbFI3nP9Qs0K0xg3FYtMD0wMShuHoDUBdEzY5dL%2BCge5ZJIP0WIDrTvueP3uHAf2W1Kqa%2B4DEXdjGcdR1eqPnjN1y1XAuLq4kpePZy1wfgbYTI8pGIkbLUHdD2EYXk66tLxo4uoTjjnLjdzuoYTLdVph%2Fhc99CurvSEIRGDR96T389rs0cC8hrxpbXGIBkA%3D%3D&amp;Expires=1783960185\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">The group\u2019s activity has continued against Ukraine, NATO countries, and European Union member states during Russia\u2019s war against Ukraine. <\/p>\n<p class=\"wp-block-paragraph\">French investigators said the operations support intelligence collection, especially against government institutions, defense organizations, and technology-related targets that could provide strategic insight.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/22a6425f-9a8f-4f1b-9af5-a6be839dfcd4\/Turla-Hackers-Exploit-SharePoint-Flaw-to-Access-Thousands-of-French-User-Accounts.pdf?AWSAccessKeyId=ASIA2F3EMEYESU4QKC4Z&amp;Signature=yA7vOhSz1z4rGx6WzOOcEUFNJuA%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEDgaCXVzLWVhc3QtMSJHMEUCIQDE0tC6WS9Mj3XeqM%2Fop9Wy2WBCVaavn33SIlPZR747uAIgOsfKmWKpSn93M%2F7ITDS62aSIEFiulut7VjXlIopoXmsq8wQIARABGgw2OTk3NTMzMDk3MDUiDAmyj6MU6bNGO08zpyrQBIN71cYAuJvFn4s9PwesSsTSv1Kt7IbtaJVS7NQZazx0BZjuwnEvdjLVjbC6YqZ%2BRXGIXgnPRcjSvDH7QmAMFMF6cvMHfgT4KosnhibZN64%2BhzQsNAxrplvx025ZBxThizzTShktJwUSn3mImsvBT6Qv%2BcKTpyNYlnPsm0%2BNn42FGZNA6Lblg4OYZd%2BWcnruZLGgLFwERgrT79%2FuKUJT3LsS24Ol9gbQ0cylLojQ7H7IN9vzewQCd4GkEyFMFGwwj68m4sVj%2B5rcNbXSJDZkJ48YBqBG27EDdprxSA3fRJ8jdacHE0KP3RsQf7IDJUwPJdc6%2B8upEhL92ue7xCtmYry6goCVdJR9xh3WUtrT6E9wFoLmkI%2FOKqIC9WMh94%2ByhlOGBLe4fXdLDv92W7u9%2BlQazK7M0pFk9c%2Fn5PbeMigw9HjYQ0DBkS4EGFCRn8RnMUPQE8IWLfA3jEH4fs64FW0HluUwrbTfSYP8xWWDdIf4gjPJ1C6kgKuuhhxNkAX3ggHMWyRJl2vU%2BwFO8DHlbh18meOI5HxO7i2UtVFCXAxwVTm1v6z31%2BBjyRHjf2i8ncUGLBfPRF%2Bl%2FnGVmXACEkjyFdOc6K9Vgwv8oRqLvp8%2Fzhity82mPDZw3wwlphH1n9AE831bmy5qr9DaNfNb1Vu3eU1Qq21TG50WIY8k124y%2FeZODuEfHU%2FCVQmw8Vny0KzpPbJtl0Vl06NVIcfZijmgH%2BF109aim1bxbEEOjhWId%2FQzrj2ntqLir9PzyUFUhNUcxR5ZeiKNmFivsHQgTyMwponU0gY6mAHFMujNK5oXG8u%2FbFI3nP9Qs0K0xg3FYtMD0wMShuHoDUBdEzY5dL%2BCge5ZJIP0WIDrTvueP3uHAf2W1Kqa%2B4DEXdjGcdR1eqPnjN1y1XAuLq4kpePZy1wfgbYTI8pGIkbLUHdD2EYXk66tLxo4uoTjjnLjdzuoYTLdVph%2Fhc99CurvSEIRGDR96T389rs0cC8hrxpbXGIBkA%3D%3D&amp;Expires=1783960185\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">Turla has also shown an ability to combine several weaknesses in a single intrusion chain. <\/p>\n<p class=\"wp-block-paragraph\">In addition to exploiting software flaws, operators have used spearphishing and watering-hole attacks that lure victims into downloading files presented as legitimate software, raising the risk for users who trust familiar-looking websites or documents.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/22a6425f-9a8f-4f1b-9af5-a6be839dfcd4\/Turla-Hackers-Exploit-SharePoint-Flaw-to-Access-Thousands-of-French-User-Accounts.pdf?AWSAccessKeyId=ASIA2F3EMEYESU4QKC4Z&amp;Signature=yA7vOhSz1z4rGx6WzOOcEUFNJuA%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEDgaCXVzLWVhc3QtMSJHMEUCIQDE0tC6WS9Mj3XeqM%2Fop9Wy2WBCVaavn33SIlPZR747uAIgOsfKmWKpSn93M%2F7ITDS62aSIEFiulut7VjXlIopoXmsq8wQIARABGgw2OTk3NTMzMDk3MDUiDAmyj6MU6bNGO08zpyrQBIN71cYAuJvFn4s9PwesSsTSv1Kt7IbtaJVS7NQZazx0BZjuwnEvdjLVjbC6YqZ%2BRXGIXgnPRcjSvDH7QmAMFMF6cvMHfgT4KosnhibZN64%2BhzQsNAxrplvx025ZBxThizzTShktJwUSn3mImsvBT6Qv%2BcKTpyNYlnPsm0%2BNn42FGZNA6Lblg4OYZd%2BWcnruZLGgLFwERgrT79%2FuKUJT3LsS24Ol9gbQ0cylLojQ7H7IN9vzewQCd4GkEyFMFGwwj68m4sVj%2B5rcNbXSJDZkJ48YBqBG27EDdprxSA3fRJ8jdacHE0KP3RsQf7IDJUwPJdc6%2B8upEhL92ue7xCtmYry6goCVdJR9xh3WUtrT6E9wFoLmkI%2FOKqIC9WMh94%2ByhlOGBLe4fXdLDv92W7u9%2BlQazK7M0pFk9c%2Fn5PbeMigw9HjYQ0DBkS4EGFCRn8RnMUPQE8IWLfA3jEH4fs64FW0HluUwrbTfSYP8xWWDdIf4gjPJ1C6kgKuuhhxNkAX3ggHMWyRJl2vU%2BwFO8DHlbh18meOI5HxO7i2UtVFCXAxwVTm1v6z31%2BBjyRHjf2i8ncUGLBfPRF%2Bl%2FnGVmXACEkjyFdOc6K9Vgwv8oRqLvp8%2Fzhity82mPDZw3wwlphH1n9AE831bmy5qr9DaNfNb1Vu3eU1Qq21TG50WIY8k124y%2FeZODuEfHU%2FCVQmw8Vny0KzpPbJtl0Vl06NVIcfZijmgH%2BF109aim1bxbEEOjhWId%2FQzrj2ntqLir9PzyUFUhNUcxR5ZeiKNmFivsHQgTyMwponU0gY6mAHFMujNK5oXG8u%2FbFI3nP9Qs0K0xg3FYtMD0wMShuHoDUBdEzY5dL%2BCge5ZJIP0WIDrTvueP3uHAf2W1Kqa%2B4DEXdjGcdR1eqPnjN1y1XAuLq4kpePZy1wfgbYTI8pGIkbLUHdD2EYXk66tLxo4uoTjjnLjdzuoYTLdVph%2Fhc99CurvSEIRGDR96T389rs0cC8hrxpbXGIBkA%3D%3D&amp;Expires=1783960185\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">The infrastructure behind these operations is designed to conceal the people operating it. <\/p>\n<p class=\"wp-block-paragraph\">Investigators said Turla has used compromised or rented servers, <a href=\"https:\/\/cybersecuritynews.com\/acsc-warns-of-large-scale-cms-exploitation-campaign-deploys-webshells\/\" data-type=\"post\" data-id=\"155332\" target=\"_blank\" rel=\"noreferrer noopener\">websites running content-management systems<\/a>, satellite communications, and networks of already infected machines to manage commands and retrieve stolen information.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/22a6425f-9a8f-4f1b-9af5-a6be839dfcd4\/Turla-Hackers-Exploit-SharePoint-Flaw-to-Access-Thousands-of-French-User-Accounts.pdf?AWSAccessKeyId=ASIA2F3EMEYESU4QKC4Z&amp;Signature=yA7vOhSz1z4rGx6WzOOcEUFNJuA%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEDgaCXVzLWVhc3QtMSJHMEUCIQDE0tC6WS9Mj3XeqM%2Fop9Wy2WBCVaavn33SIlPZR747uAIgOsfKmWKpSn93M%2F7ITDS62aSIEFiulut7VjXlIopoXmsq8wQIARABGgw2OTk3NTMzMDk3MDUiDAmyj6MU6bNGO08zpyrQBIN71cYAuJvFn4s9PwesSsTSv1Kt7IbtaJVS7NQZazx0BZjuwnEvdjLVjbC6YqZ%2BRXGIXgnPRcjSvDH7QmAMFMF6cvMHfgT4KosnhibZN64%2BhzQsNAxrplvx025ZBxThizzTShktJwUSn3mImsvBT6Qv%2BcKTpyNYlnPsm0%2BNn42FGZNA6Lblg4OYZd%2BWcnruZLGgLFwERgrT79%2FuKUJT3LsS24Ol9gbQ0cylLojQ7H7IN9vzewQCd4GkEyFMFGwwj68m4sVj%2B5rcNbXSJDZkJ48YBqBG27EDdprxSA3fRJ8jdacHE0KP3RsQf7IDJUwPJdc6%2B8upEhL92ue7xCtmYry6goCVdJR9xh3WUtrT6E9wFoLmkI%2FOKqIC9WMh94%2ByhlOGBLe4fXdLDv92W7u9%2BlQazK7M0pFk9c%2Fn5PbeMigw9HjYQ0DBkS4EGFCRn8RnMUPQE8IWLfA3jEH4fs64FW0HluUwrbTfSYP8xWWDdIf4gjPJ1C6kgKuuhhxNkAX3ggHMWyRJl2vU%2BwFO8DHlbh18meOI5HxO7i2UtVFCXAxwVTm1v6z31%2BBjyRHjf2i8ncUGLBfPRF%2Bl%2FnGVmXACEkjyFdOc6K9Vgwv8oRqLvp8%2Fzhity82mPDZw3wwlphH1n9AE831bmy5qr9DaNfNb1Vu3eU1Qq21TG50WIY8k124y%2FeZODuEfHU%2FCVQmw8Vny0KzpPbJtl0Vl06NVIcfZijmgH%2BF109aim1bxbEEOjhWId%2FQzrj2ntqLir9PzyUFUhNUcxR5ZeiKNmFivsHQgTyMwponU0gY6mAHFMujNK5oXG8u%2FbFI3nP9Qs0K0xg3FYtMD0wMShuHoDUBdEzY5dL%2BCge5ZJIP0WIDrTvueP3uHAf2W1Kqa%2B4DEXdjGcdR1eqPnjN1y1XAuLq4kpePZy1wfgbYTI8pGIkbLUHdD2EYXk66tLxo4uoTjjnLjdzuoYTLdVph%2Fhc99CurvSEIRGDR96T389rs0cC8hrxpbXGIBkA%3D%3D&amp;Expires=1783960185\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">For defenders, the case reinforces the importance of applying security updates quickly, especially to internet-facing SharePoint servers and other public services. <\/p>\n<p class=\"wp-block-paragraph\">Organizations should also review account activity, investigate unusual server behavior, limit administrative access, and assess whether <a href=\"https:\/\/cybersecuritynews.com\/sandworm-hackers-pivot-from-compromised-it-systems\/\" data-type=\"post\" data-id=\"150034\" target=\"_blank\" rel=\"noreferrer noopener\">compromised systems may have been used<\/a> as relays in a larger operation.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/22a6425f-9a8f-4f1b-9af5-a6be839dfcd4\/Turla-Hackers-Exploit-SharePoint-Flaw-to-Access-Thousands-of-French-User-Accounts.pdf?AWSAccessKeyId=ASIA2F3EMEYESU4QKC4Z&amp;Signature=yA7vOhSz1z4rGx6WzOOcEUFNJuA%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEDgaCXVzLWVhc3QtMSJHMEUCIQDE0tC6WS9Mj3XeqM%2Fop9Wy2WBCVaavn33SIlPZR747uAIgOsfKmWKpSn93M%2F7ITDS62aSIEFiulut7VjXlIopoXmsq8wQIARABGgw2OTk3NTMzMDk3MDUiDAmyj6MU6bNGO08zpyrQBIN71cYAuJvFn4s9PwesSsTSv1Kt7IbtaJVS7NQZazx0BZjuwnEvdjLVjbC6YqZ%2BRXGIXgnPRcjSvDH7QmAMFMF6cvMHfgT4KosnhibZN64%2BhzQsNAxrplvx025ZBxThizzTShktJwUSn3mImsvBT6Qv%2BcKTpyNYlnPsm0%2BNn42FGZNA6Lblg4OYZd%2BWcnruZLGgLFwERgrT79%2FuKUJT3LsS24Ol9gbQ0cylLojQ7H7IN9vzewQCd4GkEyFMFGwwj68m4sVj%2B5rcNbXSJDZkJ48YBqBG27EDdprxSA3fRJ8jdacHE0KP3RsQf7IDJUwPJdc6%2B8upEhL92ue7xCtmYry6goCVdJR9xh3WUtrT6E9wFoLmkI%2FOKqIC9WMh94%2ByhlOGBLe4fXdLDv92W7u9%2BlQazK7M0pFk9c%2Fn5PbeMigw9HjYQ0DBkS4EGFCRn8RnMUPQE8IWLfA3jEH4fs64FW0HluUwrbTfSYP8xWWDdIf4gjPJ1C6kgKuuhhxNkAX3ggHMWyRJl2vU%2BwFO8DHlbh18meOI5HxO7i2UtVFCXAxwVTm1v6z31%2BBjyRHjf2i8ncUGLBfPRF%2Bl%2FnGVmXACEkjyFdOc6K9Vgwv8oRqLvp8%2Fzhity82mPDZw3wwlphH1n9AE831bmy5qr9DaNfNb1Vu3eU1Qq21TG50WIY8k124y%2FeZODuEfHU%2FCVQmw8Vny0KzpPbJtl0Vl06NVIcfZijmgH%2BF109aim1bxbEEOjhWId%2FQzrj2ntqLir9PzyUFUhNUcxR5ZeiKNmFivsHQgTyMwponU0gY6mAHFMujNK5oXG8u%2FbFI3nP9Qs0K0xg3FYtMD0wMShuHoDUBdEzY5dL%2BCge5ZJIP0WIDrTvueP3uHAf2W1Kqa%2B4DEXdjGcdR1eqPnjN1y1XAuLq4kpePZy1wfgbYTI8pGIkbLUHdD2EYXk66tLxo4uoTjjnLjdzuoYTLdVph%2Fhc99CurvSEIRGDR96T389rs0cC8hrxpbXGIBkA%3D%3D&amp;Expires=1783960185\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">The French findings also show why a breach should not be treated as an isolated technical fault. <\/p>\n<p class=\"wp-block-paragraph\">When attackers gain access to a shared service used by thousands of people, the possible exposure can extend well beyond the original server and affect communications, identities, internal records, and future targeting opportunities.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/22a6425f-9a8f-4f1b-9af5-a6be839dfcd4\/Turla-Hackers-Exploit-SharePoint-Flaw-to-Access-Thousands-of-French-User-Accounts.pdf?AWSAccessKeyId=ASIA2F3EMEYESU4QKC4Z&amp;Signature=yA7vOhSz1z4rGx6WzOOcEUFNJuA%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEDgaCXVzLWVhc3QtMSJHMEUCIQDE0tC6WS9Mj3XeqM%2Fop9Wy2WBCVaavn33SIlPZR747uAIgOsfKmWKpSn93M%2F7ITDS62aSIEFiulut7VjXlIopoXmsq8wQIARABGgw2OTk3NTMzMDk3MDUiDAmyj6MU6bNGO08zpyrQBIN71cYAuJvFn4s9PwesSsTSv1Kt7IbtaJVS7NQZazx0BZjuwnEvdjLVjbC6YqZ%2BRXGIXgnPRcjSvDH7QmAMFMF6cvMHfgT4KosnhibZN64%2BhzQsNAxrplvx025ZBxThizzTShktJwUSn3mImsvBT6Qv%2BcKTpyNYlnPsm0%2BNn42FGZNA6Lblg4OYZd%2BWcnruZLGgLFwERgrT79%2FuKUJT3LsS24Ol9gbQ0cylLojQ7H7IN9vzewQCd4GkEyFMFGwwj68m4sVj%2B5rcNbXSJDZkJ48YBqBG27EDdprxSA3fRJ8jdacHE0KP3RsQf7IDJUwPJdc6%2B8upEhL92ue7xCtmYry6goCVdJR9xh3WUtrT6E9wFoLmkI%2FOKqIC9WMh94%2ByhlOGBLe4fXdLDv92W7u9%2BlQazK7M0pFk9c%2Fn5PbeMigw9HjYQ0DBkS4EGFCRn8RnMUPQE8IWLfA3jEH4fs64FW0HluUwrbTfSYP8xWWDdIf4gjPJ1C6kgKuuhhxNkAX3ggHMWyRJl2vU%2BwFO8DHlbh18meOI5HxO7i2UtVFCXAxwVTm1v6z31%2BBjyRHjf2i8ncUGLBfPRF%2Bl%2FnGVmXACEkjyFdOc6K9Vgwv8oRqLvp8%2Fzhity82mPDZw3wwlphH1n9AE831bmy5qr9DaNfNb1Vu3eU1Qq21TG50WIY8k124y%2FeZODuEfHU%2FCVQmw8Vny0KzpPbJtl0Vl06NVIcfZijmgH%2BF109aim1bxbEEOjhWId%2FQzrj2ntqLir9PzyUFUhNUcxR5ZeiKNmFivsHQgTyMwponU0gY6mAHFMujNK5oXG8u%2FbFI3nP9Qs0K0xg3FYtMD0wMShuHoDUBdEzY5dL%2BCge5ZJIP0WIDrTvueP3uHAf2W1Kqa%2B4DEXdjGcdR1eqPnjN1y1XAuLq4kpePZy1wfgbYTI8pGIkbLUHdD2EYXk66tLxo4uoTjjnLjdzuoYTLdVph%2Fhc99CurvSEIRGDR96T389rs0cC8hrxpbXGIBkA%3D%3D&amp;Expires=1783960185\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"has-text-align-center has-background wp-block-paragraph\" style=\"background:linear-gradient(180deg,rgb(238,238,238) 91%,rgb(169,184,195) 100%)\"><strong><strong><strong><strong>Prevent critical incidents and financial loss with stronger proactive defense.\u00a0<\/strong><a href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=csn&amp;utm_medium=links&amp;utm_campaign=feeds+landing&amp;utm_content=ti+feeds+sales&amp;utm_term=070726#contact-sales\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Integrate a live threat feed from 15K SOC Teams<\/a><\/strong>.<\/strong><\/strong><\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/turla-hackers-exploit-sharepoint-flaw\/\">Turla Hackers Exploit SharePoint Flaw to Access Thousands of French User Accounts<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Tushar Subhra Dutta<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/turla-hackers-exploit-sharepoint-flaw\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Turla Hackers Exploit SharePoint Flaw to Access Thousands of French User Accounts Turla, a long-running cyber espionage operation linked by French authorities to Russia\u2019s Federal Security Service, has again drawn attention after investigators detailed compromises affecting French organizations. The group has been active for more than two decades and is known for quietly stealing sensitive [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,649],"tags":[130],"class_list":["post-14278","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-threats","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/14278"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=14278"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/14278\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=14278"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=14278"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=14278"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}