logo

This phishing kit looks more like BEC-as-a-service

ID: 5ae77b2a-c9e3-53c3-9a2d-56a113b9fa8e

STIX ID: report--5ae77b2a-c9e3-53c3-9a2d-56a113b9fa8e

Feed Name: CyberScoop

Threat Score
70/100

Date Published: 2026-07-01

Date Updated: 2026-07-02

Author: Tim Starks

...
...

Cisco Talos uncovered ARToken, an advanced "business email compromise-as-a-service" platform affiliated with EvilTokens that targets Microsoft 365 accounts using MFA-bypassing phishing, inbox-rule manipulation, and shared access links; the service includes seven-layer anti-analysis and delivers targeted invoice-lure scams, indicating a mature, high-risk BEC operation with ties to a broader surge in phishing activity.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.