Microsoft Azure is named as a targeted platform in the reported APT41 credential harvesting campaign, where typosquatted domains mimicking azure.com and login.microsoftonline.com are used to blend C2 traffic with legitimate cloud API calls. This campaign is sourced from secondary threat intelligence and has not been corroborated by CISA or Microsoft at time of reporting; treat with elevated scrutiny. Recommended detection actions include reviewing Azure Monitor Sign-In logs for atypical geolocations using valid credentials (T1078.004) and alerting on OAuth token grants to unrecognized applications; monitor for authoritative vendor or CISA confirmation before escalating internally as a confirmed incident.