Researchers said a new phishing-as-a-service platform features an entirely open registration process that makes it easier for cybercriminals to leverage.
The attack was first discovered in August after victims received phishing emails containing malicious document attachments.
The group activity has overlaps with APT40, which has continued its “operational tempo” despite a previous indictment by the U.S. Department of Justice in 2021.
Attackers compromised some customer and employee accounts at Twilio through a text-based phishing campaign.
Microsoft has identified a long, widespread phishing campaign that stole session cookies to bypass MFA and led to BEC and payment fraud.