FlagThis

A sophisticated phishing campaign has compromised approximately 20,000 Microsoft Azure accounts in Europe, primarily targeting manufacturing companies. The attackers used HubSpot’s Free Form Builder to create deceptive forms and DocuSign files, which were used in phishing emails to steal Microsoft Azure login credentials. This operation spanned from June to September 2024 and mainly affected firms in the automotive, chemical, and industrial sectors in Germany and the UK. The attackers aimed for long-term presence in the Azure cloud environments.

ImgSrc: img.helpnetsecurity.com

References:

• @BleepingComputer - A phishing campaign targeting automotive, chemical, and industrial manufacturing companies in Germany and the UK is abusing HubSpot to steal Microsoft Azure account credentials. - 7d
• The Hacker News - HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft - 7d
• CyberInsider - Threat Actors Exploit HubSpot to Harvest Microsoft Azure Credentials - 7d
• @VirusBulletin - Palo Alto Unit 42 researchers investigate a phishing campaign targeting European companies. The campaign aimed to harvest account credentials and take over the victim’s Microsoft Azure cloud infrast - 7d
• techacademy.online - HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft - 7d
• Dataconomy - A phishing campaign targeting manufacturing companies in Europe has compromised around 20,000 Microsoft Azure accounts using HubSpot and DocuSign. - 6d
• Techzine Global - Hackers, through a phishing campaign using malicious DocuSign files, are attempting to target long-term presence mainly in Azure cloud environments of European companies. - 6d

Classification:

• HashTags: Azure Phishing DataBreach
• Company: Microsoft
• Target: Microsoft Azure users
• Product: Microsoft Azure
• Feature: Phishing
• Type: Hack
• Severity: Major