← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Phishing Attack Leverages Azure Blob Storage to Impersonate Microsoft
The attack typically begins with emails featuring varied subject lines and message bodies, all containing links to Azure Blob Storage endpoints. These links often resemble routine Microsoft Forms or document sharing URLs, luring recipients into clicking. Once clicked, users are redirected to a fake login page hosted on a subdomain of blob.core.windows.net, where their credentials are harvested.
https://cybersecuritynews.com/phishing-attack-leverages-azure-blob-storage/
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| hostname | anb.lumomn.shop | — | 2025-10-20 | |
| hostname | byt.orboli.online | — | 2025-10-20 | |
| hostname | hbp.fluxiv.life | — | 2025-10-20 | |
| hostname | iih.thesparklebar.com | — | 2025-10-20 | |
| hostname | lc.rocketcargo.com.br | — | 2025-10-20 | |
| hostname | mpa.horiz.live | — | 2025-10-20 | |
| hostname | pni.savuse.sbs | — | 2025-10-20 | |
| hostname | pv.orthoplay.com.mx | — | 2025-10-20 | |
| hostname | avz.rocketcargo.com.br | — | 2025-10-20 | |
| hostname | bp.rocketcargo.com.br | — | 2025-10-20 | |
| hostname | bui.rocketcargo.com.br | — | 2025-10-20 | |
| hostname | kert.rocketcargo.com.br | — | 2025-10-20 | |
| hostname | mhd.rocketcargo.com.br | — | 2025-10-20 | |
| hostname | vx.rocketcargo.com.br | — | 2025-10-20 |