Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

20,000 Microsoft Azure accounts compromised in EU: Is your cloud safe?

Palo Alto Networks’ Unit 42 identified the campaign and reported that attackers used HubSpot's online forms as a trap to capture sensitive information

byKerem Gülen
December 19, 2024
in News, Cybersecurity

A phishing campaign targeting manufacturing companies in Europe has compromised around 20,000 Microsoft Azure accounts using HubSpot and DocuSign. The operation, which spanned from June to September 2024, primarily affected firms in the automotive, chemical, and industrial sectors in Germany and the UK. Threat actors employed HubSpot’s Free Form Builder to create deceptive forms and lured victims with emails mimicking legitimate services.

Phishing campaign compromises 20,000 Microsoft Azure accounts in Europe

Palo Alto Networks’ Unit 42 identified the campaign and reported that attackers used HubSpot’s online forms as a trap to capture sensitive information. They crafted 17 different forms, designed to mimic legitimate requests for Microsoft Azure credentials. These forms asked victims in poorly worded English if they were “Authorized to view and download sensitive Company Document sent to Your Work Email?” This prompt claimed to facilitate access to critical documents stored in the “Microsoft Secured Cloud.”

20,000 Microsoft Azure accounts compromised in EU
 Phishing operation flow (Image: Palo Alto Networks’ Unit 42)

Victims who clicked through the forms were redirected to pages impersonating Microsoft Outlook Web App and Azure login portals, hosted on ‘.buzz’ domains. These tactics allowed attackers to bypass standard email security measures, as the phishing emails linked to a legitimate service (HubSpot). However, the emails did fail SPF, DKIM, and DMARC authentication checks.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.


Microsoft Teams isn’t safe: Hackers are sneaking in through calls


Once attackers gained access to the compromised accounts, they initiated post-compromise activities. They registered their own devices to victims’ accounts, thus ensuring continued access. Research indicated that threat actors frequently connected through VPNs located in the same countries as their targets, helping them to blend in. In cases where IT teams attempted to regain control of compromised accounts, attackers initiated password resets, creating a tug-of-war scenario that further complicated recovery efforts.

20,000 Microsoft Azure accounts compromised in EU
Threat actor’s infrastructure analysis diagram (Image: Palo Alto Networks’ Unit 42)

The potential impact of the attacks extends beyond credential theft. With access to Azure accounts, attackers could escalate privileges to create, modify, or delete resources within the compromised cloud environments. They could also potentially move laterally across the network to access sensitive storage containers associated with the victims’ accounts.

While the number of victims who provided Azure credentials is uncertain, security experts suspect it may be lower than the total number of accounts targeted, as not all the victims would have utilized Azure infrastructures. Nathaniel Quist of Unit 42 emphasized that the operation represents a more ambitious shift towards cloud-focused phishing attacks. Increasingly, cybercriminals are targeting user credentials for cloud and SaaS platforms instead of relying on malware to compromise endpoint devices.


Featured image credit: Microsoft

Tags: Cybersecuritymicrosoft azure

Related Posts

Google marks Pac-Man’s 45th anniversary with a Halloween Doodle

Google marks Pac-Man’s 45th anniversary with a Halloween Doodle

October 30, 2025
OpenAI Sora adds character cameos and video stitching

OpenAI Sora adds character cameos and video stitching

October 30, 2025
WhatsApp introduces passkeys for end-to-end encrypted chat backups

WhatsApp introduces passkeys for end-to-end encrypted chat backups

October 30, 2025
Character.AI is closing the door on under-18 users

Character.AI is closing the door on under-18 users

October 30, 2025
Rode upgrades its Wireless Micro Camera Kit with universal compatibility

Rode upgrades its Wireless Micro Camera Kit with universal compatibility

October 30, 2025
YouTube’s new Super Resolution turns blurry uploads into HD and 4K

YouTube’s new Super Resolution turns blurry uploads into HD and 4K

October 30, 2025

LATEST NEWS

Google marks Pac-Man’s 45th anniversary with a Halloween Doodle

OpenAI Sora adds character cameos and video stitching

WhatsApp introduces passkeys for end-to-end encrypted chat backups

Character.AI is closing the door on under-18 users

Rode upgrades its Wireless Micro Camera Kit with universal compatibility

YouTube’s new Super Resolution turns blurry uploads into HD and 4K

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.