Phishing Campaign Targets 20,000 European HubSpot Users
/ 1 min read
🎭 New phishing campaign targets European companies using HubSpot tools. Cybersecurity researchers from Palo Alto Networks’ Unit 42 have identified a phishing campaign, dubbed HubPhish, aimed at over 20,000 users in the automotive, chemical, and industrial sectors across Europe. The attackers utilized HubSpot’s Free Form Builder to create fake forms, luring victims with Docusign-themed emails that redirected them to a counterfeit Office 365 login page to harvest credentials. The campaign peaked in June 2024 and involved multiple threat actor-controlled domains, primarily hosted on the “.buzz” TLD. Additionally, the attackers have been seen impersonating SharePoint and employing various tactics to bypass email security measures, prompting experts to recommend enabling “known senders” settings in Google Calendar for protection.
