Attackers used MailChimp and business email compromise to steal credentials from marketing professionals
Winchester, 18/12/2025
Evalian, a leading cybersecurity firm, today revealed that its Security Operations Centre (SOC) has identified an active phishing campaign targeting HubSpot users. The attack combined business email compromise (BEC) with a compromised website to deliver a credential-stealing payload to unsuspecting end users.
The campaign was highly sophisticated, using legitimate platforms like MailChimp to bypass email security gateways and exploit trust in familiar brands. Evalian’s SOC team conducted a detailed investigation, uncovering:
- The attack chain and delivery methods
- Indicators of compromise including malicious URLs and IPs
- Infrastructure used by attackers, including bulletproof hosting services
“This phishing campaign demonstrates how modern attackers are combining brand impersonation with trusted platforms to evade defences,” said [SOC Lead Name], SOC Analyst at Evalian. “It’s no longer enough to rely on SPF, DKIM, and DMARC alone — organisations need active threat hunting and expert monitoring to protect themselves.”
Evalian has published a full analysis and guidance for HubSpot users, marketers, and business owners, highlighting the signs of phishing and best practices for prevention: https://evalian.co.uk/phishing-campaign-targets-hubspot-users/
About Evalian:
Evalian is a UK-based cybersecurity firm providing SOC as a Service (SOCaaS), managed detection and response (MDR), and expert consulting to protect businesses from modern cyber threats.
