How Phishing Is Targeting Germany’s Economy: Active Threats from Finance to Manufacturing

This threat intelligence report analyzes active, targeted phishing campaigns observed in Germany between January and March 2026 that use advanced phishing-as-a-service platforms (FlowerStorm, EvilProxy, EvilGinx2) to bypass MFA via OAuth abuse and reverse-proxy session hijacking; it documents industry-specific lures, sandbox-verified attack chains, IOCs, and mitigation guidance to help SOCs detect and contain these high-risk campaigns.