Threat actors leverage tax season to deploy tax-themed phishing campaigns
ID: 3e710c8f-d46c-52bc-9f61-e35d451e8f68
STIX ID: report--3e710c8f-d46c-52bc-9f61-e35d451e8f68
Feed Name: Microsoft Security
Microsoft observed multiple tax-season phishing campaigns targeting U.S. organizations that used redirection (URL shorteners, QR codes, open redirectors) and legitimate services to evade detection and deliver loaders and RATs (BRc4, Latrodectus, GuLoader, Remcos, AHKBot) and to harvest credentials via RaccoonO365; one campaign is attributed to access broker Storm-0249. The blog provides detailed infection-chain descriptions, IOCs (domains, IPs, SHA-256 hashes), Sentinel hunting queries, and guidance for detection and mitigation.
