Effective Phishing Campaign Targeting European Companies and Institutions
Dec. 18, 2024, 3:08 p.m.
Description
A sophisticated phishing operation targeting European automotive, chemical, and industrial manufacturing companies has been uncovered. The campaign, which peaked in June 2024, used HubSpot Free Form Builder and DocuSign-enabled PDFs to harvest account credentials and infiltrate Microsoft Azure cloud infrastructures. Approximately 20,000 users were targeted across various European organizations. The attackers employed multiple redirection techniques, custom user-agent strings, and bulletproof VPS hosts to evade detection. Once access was gained, the threat actors attempted to maintain persistence by adding new devices to compromised accounts. The campaign highlights the ongoing threat of targeted phishing attacks against corporate cloud infrastructures.
Date
Published: Dec. 18, 2024, 2:37 p.m.
Created: Dec. 18, 2024, 2:37 p.m.
Modified: Dec. 18, 2024, 3:08 p.m.
Indicators
Attack Patterns
TA0001
TA0003
TA0011
T1078.002
T1586
Additional Information
Automotive
Chemical
Manufacturing
France
Germany
United Kingdom of Great Britain and Northern Ireland