FlagThis

A sophisticated phishing campaign has compromised approximately 20,000 Microsoft Azure accounts in Europe, primarily targeting manufacturing companies. The attackers used HubSpot’s Free Form Builder to create deceptive forms and DocuSign files, which were used in phishing emails to steal Microsoft Azure login credentials. This operation spanned from June to September 2024 and mainly affected firms in the automotive, chemical, and industrial sectors in Germany and the UK. The attackers aimed for long-term presence in the Azure cloud environments.

A sophisticated cyber espionage campaign, dubbed ‘Operation Digital Eye,’ targeted business-to-business IT service providers in Southern Europe. Attackers leveraged Visual Studio Code Tunnels and Azure infrastructure for command and control, exploiting the tunnels for stealthy remote access. The campaign lasted approximately three weeks, from late June to mid-July 2024.