
Attackers Are Taking Over Real Email Threads to Deliver Phishing: New Enterprise Risk

ID: badb1411-faa7-5c2e-b940-c43282100306

STIX ID: report--badb1411-faa7-5c2e-b940-c43282100306

Feed Name: ANY.RUN's Cybersecurity Blog

Threat Score: 75/100

Date Published: 2026-01-28

Date Updated: 2026-04-26

Author: ANY.RUN


ANY.RUN researchers detail an active "thread-hijack" phishing campaign in which attackers compromise a supplier mailbox, reply inside authentic C-suite email threads, and deliver phishing links that pass through multiple redirects gated by Cloudflare Turnstile. The chain culminates in an EvilProxy adversary-in-the-middle page that steals Microsoft credentials. The report highlights evasion techniques, provides detection guidance (behavioral detonation and TI feeds), and links the sample to a broader campaign, with IOCs for hunting.
