Organizations in the automotive, chemical, and industrial compound manufacturing sectors across Europe had at least 20,000 Microsoft Azure account credentials exfiltrated as part of the HubPhish phishing campaign that leveraged HubSpot tools, according to The Hacker News.
Intrusions commenced with the distribution of malicious emails with DocuSign lures containing a file that would redirect to HubSpot Free Form builder links leading to a fraudulent Outlook Web App page that seeks targets' credentials, a report from Palo Alto Networks Unit 42 showed."Threat actors directed the phishing campaign to target the victim's Microsoft Azure cloud infrastructure via credential harvesting attacks on the phishing victim's endpoint computer. They then followed this activity with lateral movement operations to the cloud," said Unit 42 researchers, who emphasized that the campaign did not impact HubSpot or its infrastructure.Such findings follow the exploitation of SharePoint in a phishing attack that sought to facilitate XLoader information-stealing malware infections.
Intrusions commenced with the distribution of malicious emails with DocuSign lures containing a file that would redirect to HubSpot Free Form builder links leading to a fraudulent Outlook Web App page that seeks targets' credentials, a report from Palo Alto Networks Unit 42 showed."Threat actors directed the phishing campaign to target the victim's Microsoft Azure cloud infrastructure via credential harvesting attacks on the phishing victim's endpoint computer. They then followed this activity with lateral movement operations to the cloud," said Unit 42 researchers, who emphasized that the campaign did not impact HubSpot or its infrastructure.Such findings follow the exploitation of SharePoint in a phishing attack that sought to facilitate XLoader information-stealing malware infections.
