Financially Motivated Threat Actor Leveraged Google Docs and Weebly Services to Target Telecom and Financial Sectors

EclecticIQ observed a late‑2024 financially motivated phishing campaign exploiting trusted platforms (Google Docs for delivery and Weebly for hosting) to serve highly customized credential‑harvesting pages targeting telecom and financial organizations across multiple regions; attackers used realistic MFA prompts, tracking tools, dynamic DNS rotation and SIM‑swapping-assisted account takeovers, and the report includes numerous IOCs and mitigation recommendations.