Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft

The Hacker News by The Hacker News
December 18, 2024
Home Cybersecurity
Share on FacebookShare on Twitter


Dec 18, 2024Ravie LakshmananEmail Security / Cloud Security

Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims’ Microsoft Azure cloud infrastructure.

The campaign has been codenamed HubPhish by Palo Alto Networks Unit 42 owing to the abuse of HubSpot tools in the attack chain. Targets include at least 20,000 automotive, chemical, and industrial compound manufacturing users in Europe.

“The campaign’s phishing attempts peaked in June 2024, with fake forms created using the HubSpot Free Form Builder service,” security researchers Shachar Roitman, Ohad Benyamin Maimon, and William Gamazo said in a report shared with The Hacker News.

Cybersecurity

The attacks involve sending phishing emails with Docusign-themed lures that urge recipients to view a document, which then redirects users to malicious HubSpot Free Form Builder links, from where they are led to a fake Office 365 Outlook Web App login page in order to steal their credentials.

Unit 42 said it identified no less than 17 working Free Forms used to redirect victims to different threat actor-controlled domains. A significant chunk of those domains were hosted on the “.buzz” top-level domain (TLD).

“The phishing campaign was hosted across various services, including Bulletproof VPS host,” the company said. “[The threat actor] also used this infrastructure for accessing compromised Microsoft Azure tenants during the account takeover operation.”

Upon gaining successful access to an account, the threat behind the campaign has been found to add a new device under their control to the account so as to establish persistence.

“Threat actors directed the phishing campaign to target the victim’s Microsoft Azure cloud infrastructure via credential harvesting attacks on the phishing victim’s endpoint computer,” Unit 42 said. “They then followed this activity with lateral movement operations to the cloud.”

The development comes as attackers have been spotted impersonating SharePoint in phishing emails that are designed to deliver an information stealer malware family called XLoader (a successor to Formbook).

Cybersecurity

Phishing attacks are also increasingly finding novel ways to bypass email security measures, the latest among them being the abuse of legitimate services like Google Calendar and Google Drawings, as well as spoofing email security provider brands, such as Proofpoint, Barracuda Networks, Mimecast, and Virtru.

Those that exploit the trust associated with Google services involve sending emails including a calendar (.ICS) file with a link to Google Forms or Google Drawings. Users who click on the link are prompted to click on another one, which is typically disguised as a reCAPTCHA or support button. Once this link is clicked, the victims are forwarded to phony pages that perpetrate financial scams.

Users are advised to enable the “known senders” setting in Google Calendar to protect against this kind of phishing attack.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
How SonicWall Put MSPs ‘In A Good Position’ Amid Critical Vulnerability Threat

How SonicWall Put MSPs ‘In A Good Position’ Amid Critical Vulnerability Threat

Recommended.

Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation

Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation

December 6, 2025
Construction begins on Ezee Fiber’s high-speed Internet expansion in Milton, Lakewood and Fife

Construction begins on Ezee Fiber’s high-speed Internet expansion in Milton, Lakewood and Fife

August 29, 2025

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

April 7, 2025
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio