Quote:An ongoing phishing campaign targeting several organizations with the help of DocuSign branded spam e-mails has been observed by Proofpoint's Threat Insight Team while abusing Amazon Web Services (AWS) to host their landing pages.
 
While various threat actors have been seen utilizing consumer-grade cloud storage such as Dropbox and Google Drive to host malicious content like malware payloads, phishers have also used it for other purposes like phishing kits hosting.
 
However, as Proofpoint found, some of the phishing actors they monitored throughout 2019 have slowly moved to "enterprise-class public cloud storage providers such as Amazon Web Services (AWS) and Microsoft Azure."