
Significant growth found in SuperMailer-based credential phishing campaign

Government, financial services, media, manufacturing, transportation, and utilities are among the numerous sectors targeted by a large-scale credential phishing campaign that leverages the SuperMailer newsletter distribution app and has doubled in volume every month since January, according to SecurityWeek.

Fourteen percent of all phishing emails since January have been attributed to the SuperMailer campaign, which used open redirects, URL randomization, varied senders, and appended reply chains to get past Microsoft ATP, TrendMicro, Fortinet, Proofpoint, Cisco Ironport, and Mimecast secure email gateways, a report from Cofense revealed.

"The threat actors' current approach is to use very basic content templates and randomization of very small portions of the email. They're casting a wide net by sending so many emails. Adding personalized AI-generated content to each email would involve significant investment of time and resources, and given the current success of the campaign in its effort to reach inboxes, the threat actors would likely not feel a need to change tactics," said Cofense Cyber Threat Intelligence Analyst Brad Haas.
