Category | Details |
---|---|
Threat Actors | – Unspecified, likely cybercriminal groups leveraging phishing and credential theft |
Campaign Overview | – Phishing campaign codenamed HubPhish by Unit 42 – Targets at least 20,000 users in Europe, including automotive, chemical, and industrial sectors |
Target Regions (Victims) | – European companies |
Methodology | – Sends phishing emails with DocuSign-themed lures – Redirects victims to malicious HubSpot Free Form Builder links and fake Office 365 login pages |
Product Targeted | – Microsoft Azure cloud infrastructure |
Malware Reference | – Information stealer malware XLoader (a successor to Formbook) |
Tools Used | – HubSpot Free Form Builder – Bulletproof VPS hosting |
Vulnerabilities Exploited | – No direct vulnerability in HubSpot; abuse of legitimate services like Google Calendar and Google Drawings |
TTPs | – Credential harvesting via phishing emails – Abuse of legitimate platforms (HubSpot, Google services) for phishing – Lateral movement in Azure cloud environments – Use of “.buzz” domains |
Attribution | – No specific attribution; likely sophisticated cybercriminals |
Recommendations | – Monitor cloud activity for unauthorized device additions – Employ MFA on accounts, particularly in Microsoft Azure – Enable “known senders” setting in Google Calendar – Educate users on phishing and spoofing tactics |
Source | The Hacker News |
Read full article: https://thehackernews.com/2024/12/hubphish-exploits-hubspot-tools-to.html
The above summary has been generated by an AI language model