According to researchers from Eye Security and the Shadowserver Foundation, attackers exploited a previously unknown flaw – a so-called “zero-day” – to gain unauthenticated access to vulnerable SharePoint servers. This allowed them to execute arbitrary code, impersonate services, steal credentials, and install persistent backdoors.