This phishing kit looks more like BEC-as-a-service
ID: 5ae77b2a-c9e3-53c3-9a2d-56a113b9fa8e
STIX ID: report--5ae77b2a-c9e3-53c3-9a2d-56a113b9fa8e
Feed Name: CyberScoop
Threat Score
Cisco Talos uncovered ARToken, an advanced "business email compromise-as-a-service" platform affiliated with EvilTokens that targets Microsoft 365 accounts using MFA-bypassing phishing, inbox-rule manipulation, and shared access links; the service includes seven-layer anti-analysis and delivers targeted invoice-lure scams, indicating a mature, high-risk BEC operation with ties to a broader surge in phishing activity.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
