Recent campaign targeted 20,000 folk across UK and Europe with this tactic, Unit 42 warns

Unknown criminals went on a phishing expedition that targeted about 20,000 users across the automotive, chemical and industrial compound manufacturing sectors in Europe, and tried to steal account credentials and then hijack the victims' Microsoft Azure cloud infrastructure.

After taking over victims' accounts, the miscreants signed into new devices using stolen creds so they could maintain access to the cloud environment – and sensitive data therein.

Palo Alto Networks' Unit 42 researchers spotted the campaign, which peaked in June and remained active as of September.

While they can't attribute the attacks to a particular crew or individual, they did find both Ukrainian and Russian language websites linked to the attack infrastructure. "However we cannot determine the nature or rationale for these links," Unit 42 senior threat researcher Nathaniel Quist told The Register.

The threat hunters can't put an exact number on compromised victims, as the team was "only ...