HubSpot Hijinks: Phishing Campaign Snares 20,000 Accounts in Europe
A phishing campaign targets automotive, chemical, and industrial firms in Germany and the UK, using HubSpot to steal Microsoft Azure account credentials. The attackers use HubSpot Form Builder and PDFs that mimic DocuSign to redirect victims to credential-harvesting pages. HubSpot itself remains uncompromised, but the campaign highlights the creative misuse of legitimate services for credential harvesting.

Hot Take:
If you’re still using HubSpot to manage your CRM needs, you might want to check if it’s moonlighting as a cybercriminal’s sidekick! Apparently, HubSpot is now doubling as a tour guide, leading unsuspecting users on a lovely trip straight to credential-harvesting pages. Who knew your next phishing trip could be just a click away? Microsoft Azure accounts aren’t safe, and neither is your inbox if you’re in the UK or Germany’s manufacturing sectors. Time to batten down the hatches and maybe rethink those DocuSign PDFs in your email. With 20,000 accounts compromised, it’s starting to look like HubSpot’s free trial includes a bonus hackathon!

Key Points:
– HubSpot’s Free Form Builder is being used by threat actors as a gateway to phishing scams targeting Microsoft Azure credentials.
– The campaign has been active since June 2024, with approximately 20,000 accounts already compromised.
– The phishing emails bypassed email security tools because the links they contained pointed to legitimate HubSpot URLs.
– Post-compromise, attackers use VPNs to imitate the geographical location of victims, creating a tug-of-war for account control.
– Although the phishing infrastructure has mostly gone offline, the campaign highlighted new ways to abuse legitimate services.
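
For defenders, the VPN point above has a practical consequence: a sign-in alert that only compares countries stays silent when the attacker's exit node is in the victim's country. The following is an added example, not code from the article or from the researchers who reported the campaign. It runs a country-only check and a network-aware check over constructed sign-in records; the field layout, the ASN enrichment set and all values are assumptions.

```python
from collections import defaultdict

# Constructed sign-in records (not from the campaign): user, country, ASN, source IP.
# ASNs are from the documentation range (RFC 5398), IPs from RFC 5737.
HISTORY = [
    ("anna@example.com", "DE", 64496, "192.0.2.10"),
    ("anna@example.com", "DE", 64496, "192.0.2.44"),
    ("bob@example.com", "GB", 64497, "198.51.100.7"),
]
NEW_SIGNINS = [
    ("anna@example.com", "DE", 64496, "192.0.2.12"),   # usual ISP
    ("anna@example.com", "DE", 64510, "203.0.113.5"),  # same country, VPN exit
    ("bob@example.com", "FR", 64498, "203.0.113.9"),   # new country
    ("cara@example.com", "DE", 64510, "203.0.113.6"),  # user with no baseline
]
# Assumption: ASNs that your own enrichment feed labels as VPN or hosting providers.
VPN_OR_HOSTING_ASNS = {64510}

def build_baseline(history):
    """Map each user to the countries and ASNs seen in past sign-ins."""
    base = defaultdict(lambda: {"countries": set(), "asns": set()})
    for user, country, asn, _ip in history:
        base[user]["countries"].add(country)
        base[user]["asns"].add(asn)
    return dict(base)

def country_only_alert(event, base):
    """Geo check alone: fires only when the country is new for a known user."""
    user, country, _asn, _ip = event
    return user in base and country not in base[user]["countries"]

def network_alerts(event, base):
    """Return the reasons a sign-in deserves review, looking past the country."""
    user, country, asn, _ip = event
    seen = base.get(user)  # None when the user has no sign-in history
    reasons = []
    if seen and country not in seen["countries"]:
        reasons.append("new_country")
    if seen and asn not in seen["asns"]:
        reasons.append("new_asn")
    if asn in VPN_OR_HOSTING_ASNS:  # applies even without a baseline
        reasons.append("vpn_or_hosting_asn")
    return reasons

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for event in NEW_SIGNINS:
        print(event[0], event[3], country_only_alert(event, base), network_alerts(event, base))
```

The second record is the case the bullet describes: the country matches the victim's history, so only the ASN-based reasons fire.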