216.73.217.22

FlowerStorm Phishing Kit Targeting Microsoft Credentials via Cloudflare-Backed Infrastructure

· Published 20/04/2026 13:20 · Modified 20/04/2026 13:53

Export JSON

Essential information

Published
20/04/2026 13:20
Modified
20/04/2026 13:53
Tags
2026-04-20 cloudflare flowerstorm iocs
Related entities
4 techniques (mitre), 7 others

Description

related to phishing‑kit–driven campaign that delivers fake Microsoft authentication pages via compromised domains fronted by . The activity abuses legitimate cloud and CDN services for delivery while credential harvesting occurs on attacker‑controlled infrastructure, with incidental contact to Microsoft services during normal browser behavior. that uses its own web servers to target victims' login credentials and access to their personal details and login details on its servers.

Related entities

Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.

Techniques (MITRE) (4)

Others (7)

  • boysgirlsclubchester.continuousperformance.de
  • chesteruplandsd.continuousperformance.de
  • fleschlawfirm.continuousperformance.de
  • chestersuplandsd.continuousperformance.de
  • delcofamilyvillage.continuousperformance.de
  • jbsafetyintl.continuousperformance.de
  • stevenscollege.continuousperformance.de

External references