1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Fake DocuSign and HubSpot phishing emails target 20,000 Microsoft

    From TechnologyDaily@1337:1/100 to All on Thursday, December 19, 2024 19:45:05
    Fake DocuSign and HubSpot phishing emails target 20,000 Microsoft Azure accounts

    Date:
    Thu, 19 Dec 2024 19:29:00 +0000

    Description:
    The campaign, which targeted 20,000 Microsoft Azure accounts, has been disrupted.

    FULL STORY ======================================================================Unit 42 says phishing campaign targeted automotive, chemical, and industrial compound manufacturing industries More than 20,000 victims were successfully targeted The campaign has been disrupted, but users should still be on their guard

    Hackers of potentially Russian or Ukrainian origin have been targeting UK and EU organizations in the automotive, chemical, and industrial compound manufacturing industries with advanced phishing threats, experts have warned.

    A report from Unit 42, Palo Alto Networks cybersecurity arm, claims to have observed a campaign that started in June 2024, and was still active as of September. The goal of the campaign was to grab peoples Microsoft Azure cloud accounts, and steal any sensitive information found there.

    The crooks would either send a Docusign-enabled PDF file, or an embedded HTML link, which would redirect the victims to a HubSpot Free Form Builder link. That link would usually invite the reader to View Document on Microsoft Secured Cloud, where the victims would be asked to provide their Microsoft Azure login credentials. Bulletproof hosting

    The majority of the victims are located in Europe (mostly Germany), and the UK. Roughly 20,000 users were successfully targeted, the researchers said, adding that at least in a few cases, the victims provided the attackers with login credentials: "We verified that the phishing campaign did make several attempts to connect to the victims' Microsoft Azure cloud infrastructure,"
    the researchers said in their writeup.

    Besides using custom phishing lures, with organization-specific branding and email formats, the crooks also went for targeted redirections using URLs designed to look like the victim organizations domain. Furthermore, the miscreants used bulletproof VPS hosts , and reused their phishing infrastructure for multiple operations. Most of the phishing pages were
    hosted on .buzz domains.

    At press time, most of the attack infrastructure was pulled offline - Unit 42 said it worked together with HubSpot to address the abuse of the platform,
    and engaged with compromised organizations to provide recovery resources. Since most phishing servers are now offline, the researchers said the disruption efforts were effective.

    Via The Register You might also like Popular astrology app leak exposes data on millions of users find out if you're affected Here's a list of the best antivirus These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/fake-docusign-and-hubspot-phishing-emai ls-target-20-000-microsoft-azure-accounts


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)