A new Lookout report highlights a tangle of government mobile device security challenges, including the use of outdated or unmanaged devices, and a rise in phishing attacks targeting credentials.
Researchers said a new phishing-as-a-service platform features an entirely open registration process that makes it easier for cybercriminals to leverage.
The attack was first discovered in August after victims received phishing emails containing malicious document attachments.
The group activity has overlaps with APT40, which has continued its “operational tempo” despite a previous indictment by the U.S. Department of Justice in 2021.
Attackers compromised some customer and employee accounts at Twilio through a text-based phishing campaign.