Azure Monitor Abused for Phishing

Azure Monitor Abused for Phishing

Threat actors are exploiting Microsoft Azure Monitor alerts to distribute callback phishing emails impersonating the Microsoft Security Team, claiming unauthorized charges on target accounts. The campaign leverages legitimate Azure infrastructure to deliver lure messages, bypassing standard sender-reputation filters.

Using trusted platform services as delivery vectors reduces the likelihood of detection by email security gateways that whitelist Microsoft domains. The technique follows an established pattern in which attacker-controlled content rides on credible third-party infrastructure to reach intended targets.

Source: Telegram "sitreports"