Threat actors are leveraging Microsoft Azure Blob Storage to craft highly convincing [phishing sites](https://cybersecuritynews.com/what-is-phishing-essential-advice-for-safeguarding-your-personal-data-online/) that mimic legitimate Office 365 login portals, putting Microsoft 365 users at severe risk of credential theft.

This method exploits trusted Microsoft infrastructure, making the attacks harder to spot as the fraudulent pages appear secured by official SSL certificates issued by Microsoft itself.

ALI TAJRAN recently highlighted a surge in these campaigns, with alerts circulating widely on October 17, 2025, urging immediate vigilance among enterprises and individuals.

**How the Attack Leverages Azure Blob**

The phishing scheme typically begins with deceptive emails that include links disguised as routine [Microsoft Forms surveys](https://cybersecuritynews.com/hackers-leverage-google-forms-surveys/) or document shares, often starting with URLs like forms.office[.]com followed by a unique identifier.

Victims who click these links are redirected to what seems like a harmless PDF download prompt, but this quickly escalates to a demand for Microsoft 365 credentials on a fake login page.

The malicious URL terminates in windows.net, specifically utilizing subdomains under blob.core.windows.net, which hosts the phishing form as a simple HTML file stored in Azure’s blob storage service.

> ATTENTION: Phishing Attack Uses Azure Blob Storage to Impersonate Microsoft!
>
> Attackers have found a new method to trick end users into logging in to a malicious login page, intercepting tokens, and infiltrating the tenant.
>
> What makes this particularly sneaky is that they are… [pic.twitter.com/WFDUVYuxQD](https://t.co/WFDUVYuxQD)
>
> — ALI TAJRAN (@alitajran) [October 17, 2025](https://twitter.com/alitajran/status/1979166321704141011?ref_src=twsrc%5Etfw)

This storage solution, designed for unstructured data like images or documents, inadvertently provides phishers with a veil of legitimacy since browsers and [endpoint protection tools](https://cybersecuritynews.com/best-endpoint-protection-solutions-for-msps-mssps/) inherently trust Azure endpoints.

Once users enter their email and password, the credentials are captured and sent to attacker-controlled servers, potentially granting access to sensitive email, files, and tenant resources.

Attackers may then escalate privileges to intercept authentication tokens or infiltrate the entire organization. Historical reports from 2018 noted similar lures using themed PDF attachments pretending to be legal documents, a tactic that persists today with more sophisticated social engineering.

To counter this threat, security experts recommend blocking all traffic to *.blob.core.windows.net endpoints in firewalls or web proxies, while whitelisting only specific, trusted storage accounts like `<storage-account>`.blob.core.windows.net. This granular approach prevents broad access without disrupting legitimate Azure operations.
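
The default-deny policy recommended above, sketched as a check over web proxy logs. This is an added example, not code from the original article; the storage account names, the log format and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

BLOB_SUFFIX = ".blob.core.windows.net"
# Assumption: the storage accounts your organization really uses (constructed names).
ALLOWED_ACCOUNTS = {"contosoreports", "contosobackups"}

# Constructed proxy log lines: "<timestamp> <user> <url>".
SAMPLE_LOG = """\
2025-10-17T09:12:04Z alice https://contosoreports.blob.core.windows.net/q3/summary.pdf
2025-10-17T09:13:41Z bob https://unknownacct01.blob.core.windows.net/web/login.html
2025-10-17T09:14:02Z bob https://login.microsoftonline.com/common/oauth2/authorize
2025-10-17T09:15:10Z carol HTTPS://ContosoBackups.BLOB.core.windows.net.:443/a.zip
"""


def normalize_host(url):
    """Lowercase hostname without scheme, userinfo, port or trailing dot."""
    if "://" not in url:
        url = "https://" + url  # some proxies log host/path without a scheme
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed authority: no usable hostname
        return ""
    return host.rstrip(".").lower()


def classify(url):
    """Return 'allow', 'block', or 'pass' (host is not Azure Blob Storage)."""
    host = normalize_host(url)
    if not host.endswith(BLOB_SUFFIX):
        return "pass"  # e.g. blob.core.windows.net.other.example is not a blob host
    account = host[: -len(BLOB_SUFFIX)]
    # Default deny: only an exact, single-label account name on the allowlist passes.
    return "allow" if account in ALLOWED_ACCOUNTS else "block"


def blocked_requests(log_text):
    """Return (user, host) for every logged request the policy would block."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and classify(parts[2]) == "block":
            hits.append((parts[1], normalize_host(parts[2])))
    return hits


if __name__ == "__main__":
    for user, host in blocked_requests(SAMPLE_LOG):
        print(f"BLOCK {user} -> {host}")
```

Matching on the parsed hostname rather than on the raw URL string keeps a path or query that merely contains `blob.core.windows.net` from being mistaken for a storage endpoint, and the exact-match allowlist fails closed for any account that has not been reviewed.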

Additionally, enabling [multi-factor authentication (MFA)](https://cybersecuritynews.com/tag/multi-factor-authentication-mfa/) and monitoring for anomalous logins via Microsoft Entra ID can detect breaches early.

A proactive step involves customizing company branding in your Microsoft 365 tenant, displaying your organization’s logo, colors, and name on official sign-in pages to help users distinguish genuine portals from impostors.

Without branding, a generic Microsoft login might blend seamlessly with phishing mimics, eroding user trust at critical moments. Resources from Microsoft guide administrators on implementing these customizations swiftly.

This [phishing](https://cybersecuritynews.com/phishing-attack/) variant underscores the dual-edged nature of cloud services: while Azure Blob Storage offers scalability and security for legitimate use, it becomes a weapon when abused by threat actors.

Organizations should prioritize user education on scrutinizing URLs: legitimate Office 365 logins always direct to login.microsoftonline.com, not blob storage paths.

The post [New Phishing Attack Leverages Azure Blob Storage to Impersonate Microsoft](https://cybersecuritynews.com/phishing-attack-leverages-azure-blob-storage/) appeared first on [Cyber Security News](https://cybersecuritynews.com).