The threat actors utilized phishing emails with attached PDF documents or embedded HTML links. These emails targeted European companies and organizations, aiming to harvest account credentials and take over the victim’s Microsoft Azure cloud infrastructure.