Скачать или смотреть PHISHING ALERT! Cybercriminals just weaponized Google Cloud to steal credentials!

🚨 *PHISHING ALERT!* 🚨 *Cybercriminals* just weaponized *Google Cloud* to steal credentials! 🤯

Dive into the details of a sophisticated *multi-stage phishing campaign* that leverages a legitimate Google service—the Application Integration's "Send Email" task—to fool thousands of users. Find out how hackers exploited trust and bypassed typical security filters!

---

What You'll Learn in This Video:

*The Ultimate Trust Trick:* Attackers sent roughly 9,394 phishing emails that looked incredibly genuine because they were delivered from a legitimate Google address ("noreply-application-integration@google[.]com")! This abuse of legitimate automation capability allowed them to effectively **bypass DMARC and SPF checks**.
*Convincing Lures:* The emails mimicked routine corporate notifications, such as *voicemail alerts* or claims that the recipient had been granted access to a shared file or document, like a "Q4" file. They closely followed Google’s notification style and structure to increase credibility.
*The Multi-Stage Trap 🎣:* The attack is a complex flow designed to lower suspicion. It starts when you click a link hosted on another trusted Google Cloud service (storage.cloud.google[.]com).
*Dodging Detectives:* Before taking you to the final goal, the redirection flow presents a fake CAPTCHA or image-based verification, acting as a clever barrier to block automated scanners and security tools.
*The Final Destination:* After verification, users are taken to a fake *Microsoft login page* hosted on a non-Microsoft domain, ultimately aiming to steal crucial **M365 credentials**. The primary target is often M365 credentials, sometimes alongside OAuth consent phishing to gain delegated permissions to cloud resources like Azure subscriptions and VMs.

This campaign successfully targeted approximately 3,200 customers over a 14-day period observed in December 2025 across sectors like **manufacturing, technology, finance, professional services, and retail**.

🔒 *Good news:* Google responded to these findings by blocking the phishing efforts abusing the email notification feature within Google Cloud Application Integration.

Don't let trusted infrastructure trick you! Watch now to understand the complex steps of this attack and how to spot similar threats! 🛡️

---
*Keywords/Tags:* \#PhishingAttack \#GoogleCloudSecurity \#EmailSecurity \#CredentialTheft \#CybersecurityNews \#Microsoft365 \#CloudSecurity \#ApplicationIntegration \#CheckPoint \#TheHackerNews

*Source Attribution:* The analysis of this campaign, including the scale and mechanics, was disclosed by cybersecurity researchers. (Based on excerpts from "Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign," published by The Hacker News on Jan 02, 2026).