
HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft

| Category | Details |
|---|---|
| Threat Actors | Unspecified, likely cybercriminal groups leveraging phishing and credential theft |
| Campaign Overview | Phishing campaign codenamed HubPhish by Unit 42; targets at least 20,000 users in Europe, including automotive, chemical, and industrial sectors |
| Target Regions (Victims) | European companies |
| Methodology | Sends phishing emails with DocuSign-themed lures; redirects victims to malicious HubSpot Free Form Builder links and fake Office 365 login pages |
| Product Targeted | Microsoft Azure cloud infrastructure |
| Malware Reference | Information stealer malware XLoader (a successor to Formbook) |
| Tools Used | HubSpot Free Form Builder; bulletproof VPS hosting |
| Vulnerabilities Exploited | No direct vulnerability in HubSpot; abuse of legitimate services like Google Calendar and Google Drawings |
| TTPs | Credential harvesting via phishing emails; abuse of legitimate platforms (HubSpot, Google services) for phishing; lateral movement in Azure cloud environments; use of “.buzz” domains |
| Attribution | No specific attribution; likely sophisticated cybercriminals |
| Recommendations | Monitor cloud activity for unauthorized device additions; employ MFA on accounts, particularly in Microsoft Azure; enable “known senders” setting in Google Calendar; educate users on phishing and spoofing tactics |
| Source | The Hacker News |

Read full article: https://thehackernews.com/2024/12/hubphish-exploits-hubspot-tools-to.html

The above summary has been generated by an AI language model

Source: The Hacker News

Published on: December 18, 2024
