Blog
Share This Post
[ad_1]
Organizations in the automotive, chemical, and industrial compound manufacturing sectors across Europe had at least 20,000 Microsoft Azure account credentials exfiltrated as part of the HubPhish phishing campaign that leveraged HubSpot tools, according to The Hacker News.
Intrusions commenced with the distribution of malicious emails with DocuSign lures containing a file that would redirect to HubSpot Free Form builder links leading to a fraudulent Outlook Web App page that seeks targets’ credentials, a report from Palo Alto Networks Unit 42 showed.
“Threat actors directed the phishing campaign to target the victim’s Microsoft Azure cloud infrastructure via credential harvesting attacks on the phishing victim’s endpoint computer. They then followed this activity with lateral movement operations to the cloud,” said Unit 42 researchers, who emphasized that the campaign did not impact HubSpot or its infrastructure.
Such findings follow the exploitation of SharePoint in a phishing attack that sought to facilitate XLoader information-stealing malware infections.
Get essential knowledge and practical strategies to fortify your cloud security.
[ad_2]
Source link
Subscribe To Our Newsletter
Get updates and learn from the best
More To Explore
US Charges Five People Over North Korean IT Worker Scheme
[ad_1] The US has announced charges against five individuals involved in a fake IT workers scheme to funnel funds to
In Other News: VPN Supply Chain Attack, PayPal $2M Settlement, RAT Builder Hacks Script Kiddies
[ad_1] Noteworthy stories that might have slipped under the radar: Korean VPN supply chain attack, PayPal settles with New York
