Beware of emails urging you to act quickly on DocuSign requests, as they may be attempts to hack your Azure account.

450/67 Friday, December 20, 2024

Researchers from Unit 42 of Palo Alto Networks have revealed a cyberattack targeting users in the automotive, chemical, and industrial sectors across Europe, with as many as 20,000 victims. The attackers employed sophisticated phishing techniques to steal account credentials and compromise the victims’ Microsoft Azure cloud infrastructure. The campaign began with phishing emails containing either PDF attachments claiming to support DocuSign or embedded HTML links, which redirected recipients to hacker-created websites, such as ones built with HubSpot Free Form Builder. These websites mimicked the login page of Microsoft Outlook Web Access. Once victims entered their email addresses and passwords, the hackers used this information to gain access to the victims’ cloud systems.

The goal of the campaign was to establish persistence within cloud environments, for example by accessing critical data or creating new users in the cloud system. Additionally, the attackers sought to exfiltrate data for sale on the dark web or use it for extortion. “We believe the primary targets of the hackers are in the UK and Europe,” said Nathaniel Quist, Senior Threat Researcher. Unit 42 identified 17 URLs used in the attacks, along with source code for phishing links that led to websites impersonating organizations. The team also found that the attackers utilized secure and anonymous hosting providers.

Users are advised to be cautious of unfamiliar emails, particularly those containing suspicious attachments or URLs, and to verify the source of emails or websites before taking any action. Phishing cyberattacks are becoming increasingly sophisticated, making the use of security tools and raising user awareness crucial to safeguarding sensitive information against theft.

Source: https://www.theregister.com/2024/12/19/docusign_lure_azure_account_takeover/