20,000 Microsoft Azure accounts compromised in EU: Is your cloud safe?

Palo Alto Networks’ Unit 42 identified the campaign and reported that attackers used HubSpot's online forms as a trap to capture sensitive information

by Kerem Gülen
December 19, 2024
in News, Cybersecurity

A phishing campaign targeting manufacturing companies in Europe has compromised around 20,000 Microsoft Azure accounts using HubSpot and DocuSign. The operation, which spanned from June to September 2024, primarily affected firms in the automotive, chemical, and industrial sectors in Germany and the UK. Threat actors employed HubSpot’s Free Form Builder to create deceptive forms and lured victims with emails mimicking legitimate services.

Phishing campaign compromises 20,000 Microsoft Azure accounts in Europe

Palo Alto Networks’ Unit 42 identified the campaign and reported that attackers used HubSpot’s online forms as a trap to capture sensitive information. They crafted 17 different forms, designed to mimic legitimate requests for Microsoft Azure credentials. These forms asked victims in poorly worded English if they were “Authorized to view and download sensitive Company Document sent to Your Work Email?” This prompt claimed to facilitate access to critical documents stored in the “Microsoft Secured Cloud.”

Phishing operation flow (Image: Palo Alto Networks’ Unit 42)

Victims who clicked through the forms were redirected to pages impersonating Microsoft Outlook Web App and Azure login portals, hosted on ‘.buzz’ domains. These tactics allowed attackers to bypass standard email security measures, as the phishing emails linked to a legitimate service (HubSpot). However, the emails did fail SPF, DKIM, and DMARC authentication checks.
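The mismatch described above (a link to a trusted form service inside mail that fails sender authentication) can be checked at triage time. The following is an added example, not code from Unit 42 or from the original article; the `forms.example` suffix, the `mx.corp.example` gateway name and the sample message are constructed placeholders.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumption: placeholder suffix; list the form-builder domains seen in your mail flow.
FORM_HOST_SUFFIXES = ("forms.example",)
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)\s*=\s*([a-z]+)", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def auth_results(msg, trusted_authserv):
    """Verdicts from Authentication-Results headers stamped by our own gateway only."""
    verdicts = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, _, rest = header.partition(";")
        if authserv_id.strip().lower() != trusted_authserv.lower():
            continue  # headers added upstream of our gateway can be forged
        for mech, verdict in AUTH_RE.findall(rest):
            verdicts[mech.lower()] = verdict.lower()
    return verdicts

def body_urls(msg):
    # Collect URLs from every text part (plain or HTML), skipping containers.
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            text = raw.decode(part.get_content_charset() or "utf-8", "replace")
            urls.extend(URL_RE.findall(text))
    return urls

def is_form_host(url):
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in FORM_HOST_SUFFIXES)

def triage(raw_email, trusted_authserv="mx.corp.example"):
    """Flag mail that fails DMARC yet links to a trusted form-builder host."""
    msg = message_from_string(raw_email)
    auth = auth_results(msg, trusted_authserv)
    links = [u for u in body_urls(msg) if is_form_host(u)]
    failed = sorted(m for m, v in auth.items() if v != "pass")
    return {"failed": failed, "form_links": links, "flag": "dmarc" in failed and bool(links)}

# Constructed sample: a forged upstream header claims pass; our gateway recorded failures.
SAMPLE = (
    "Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=billing.example;"
    " dkim=fail header.d=billing.example; dmarc=fail header.from=billing.example\n"
    "Authentication-Results: relay.invalid; spf=pass; dkim=pass; dmarc=pass\n"
    "From: Document Service <noreply@billing.example>\n"
    "Content-Type: text/plain; charset=utf-8\n\n"
    "Review the document: https://share.forms.example/constructed-id\n"
)
```

Only the header stamped by the receiving gateway is trusted, because any relay upstream of it can insert its own `Authentication-Results` line.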

Once attackers gained access to the compromised accounts, they initiated post-compromise activities. They registered their own devices to victims’ accounts, thus ensuring continued access. Research indicated that threat actors frequently connected through VPNs located in the same countries as their targets, helping them to blend in. In cases where IT teams attempted to regain control of compromised accounts, attackers initiated password resets, creating a tug-of-war scenario that further complicated recovery efforts.
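Because the attackers connected from the victims' own countries, country-based sign-in rules would not fire on this activity, so the example below correlates on IP novelty instead. It is an added example, not from the original article or Unit 42: the event schema, rule names, thresholds and sample events are constructed and do not reflect a real Entra ID log export.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # assumption: correlation window, tune per environment

# Constructed events in a simplified, hypothetical schema: (time, user, action, source IP).
EVENTS = [
    ("2024-07-01T08:00", "a.user", "signin", "198.51.100.10"),
    ("2024-07-02T08:05", "a.user", "signin", "198.51.100.10"),
    ("2024-07-03T02:10", "a.user", "signin", "203.0.113.50"),   # new IP, same country
    ("2024-07-03T02:14", "a.user", "device_registered", "203.0.113.50"),
    ("2024-07-03T09:00", "a.user", "password_reset", "198.51.100.10"),  # IT team
    ("2024-07-03T09:20", "a.user", "password_reset", "203.0.113.50"),
    ("2024-07-03T09:45", "a.user", "password_reset", "198.51.100.10"),
    ("2024-07-03T08:00", "b.user", "signin", "198.51.100.22"),
    ("2024-07-04T10:00", "b.user", "device_registered", "198.51.100.22"),
]

def detect(events, window=WINDOW, min_resets=3):
    """Return sorted (user, rule) alerts for the two post-compromise patterns."""
    first_seen = {}               # (user, ip) -> (first time seen, new for this user?)
    seen_ips = defaultdict(set)   # user -> every IP observed so far
    resets = defaultdict(list)    # user -> [(time, ip)] still inside the window
    alerts = set()
    for ts, user, action, ip in sorted(events):
        t = datetime.fromisoformat(ts)
        if ip not in seen_ips[user]:
            # The first IP ever seen for a user is baseline, not "new".
            first_seen[(user, ip)] = (t, bool(seen_ips[user]))
            seen_ips[user].add(ip)
        seen_at, is_new = first_seen[(user, ip)]
        # Rule 1: device enrolled shortly after the account first appears on a new IP.
        if action == "device_registered" and is_new and t - seen_at <= window:
            alerts.add((user, "device_registered_from_new_ip"))
        # Rule 2: repeated resets from more than one source (the tug-of-war).
        if action == "password_reset":
            resets[user] = [(rt, rip) for rt, rip in resets[user] if t - rt <= window]
            resets[user].append((t, ip))
            sources = {rip for _, rip in resets[user]}
            if len(resets[user]) >= min_resets and len(sources) >= 2:
                alerts.add((user, "password_reset_contention"))
    return sorted(alerts)
```

A hit on the first rule means the registered device has to be removed as part of recovery, since resetting the password alone leaves that enrollment in place.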

Threat actor’s infrastructure analysis diagram (Image: Palo Alto Networks’ Unit 42)

The potential impact of the attacks extends beyond credential theft. With access to Azure accounts, attackers could escalate privileges to create, modify, or delete resources within the compromised cloud environments. They could also potentially move laterally across the network to access sensitive storage containers associated with the victims’ accounts.

While the number of victims who provided Azure credentials is uncertain, security experts suspect it may be lower than the total number of accounts targeted, as not all the victims would have used Azure infrastructure. Nathaniel Quist of Unit 42 emphasized that the operation represents a more ambitious shift towards cloud-focused phishing attacks. Increasingly, cybercriminals are targeting user credentials for cloud and SaaS platforms instead of relying on malware to compromise endpoint devices.


Featured image credit: Microsoft

Tags: Cybersecurity, microsoft azure
