re: plans for party -- How a Compromised Argentine School Account Targeted K-12 in the U.S.

A compromised Microsoft 365 account at an Argentine educational institution was used in a targeted spear-phishing attack against a U.S. K-12 district. The email impersonated a known contact by display name, passed SPF/DKIM/DMARC, and included a same-day registered domain (ethrecn.com) hosting a randomized credential-harvesting URL; IRONSCALES community intelligence flagged and quarantined the message.