{"id":58934,"date":"2025-07-07T12:00:10","date_gmt":"2025-07-07T12:00:10","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/phishing-platforms-infostealers-blamed-as-identity-attacks-soar\/"},"modified":"2025-07-07T12:00:10","modified_gmt":"2025-07-07T12:00:10","slug":"phishing-platforms-infostealers-blamed-as-identity-attacks-soar","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/phishing-platforms-infostealers-blamed-as-identity-attacks-soar\/","title":{"rendered":"Phishing platforms, infostealers blamed as identity attacks soar"},"content":{"rendered":"<p>A rise in advanced phishing kits and info-stealing malware are to blame for a 156 percent jump in cyberattacks targeting user logins, say researchers.<\/p>\n<p>Security shop eSentire says identity-based attacks have soared since last year, and now make up 59 percent of all investigations carried out by its experts. Organizations, it added, should be on high alert for financially motivated crimes.<\/p>\n<p>It&#8217;s particularly worried about the increased likelihood that these identity attacks will lead to business email compromise (BEC) schemes and ransomware disasters.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aGvMjoAQSajM63cRqLj24AAAAUM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aGvMjoAQSajM63cRqLj24AAAAUM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Followers of the FBI&#8217;s stats will know that while BEC attacks don&#8217;t have the same degree of infamy attached to them as ransomware, they are more costly to organizations.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44aGvMjoAQSajM63cRqLj24AAAAUM&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44aGvMjoAQSajM63cRqLj24AAAAUM&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33aGvMjoAQSajM63cRqLj24AAAAUM&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33aGvMjoAQSajM63cRqLj24AAAAUM&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>Figures from last year <a href=\"https:\/\/www.theregister.com\/2024\/03\/19\/crypto_scams_cost\/\">showed<\/a> that BEC attacks, cases involving the impersonation of support staff a la Scattered Spider, and even investment fraud, all contributed to greater financial losses, deep into the 10-digit range.<\/p>\n<p>Phishing-as-a-service platforms such as Tycoon 2FA are democratizing these kinds of attacks thanks to their sophisticated capabilities and relatively low cost.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44aGvMjoAQSajM63cRqLj24AAAAUM&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44aGvMjoAQSajM63cRqLj24AAAAUM&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>For just $200-300 per month, these kinds of toolkits offer convincing pre-made phishing pages for the major workplace platforms, such as Microsoft 365 and Google Workspace, as well as adversary-in-the-middle (AitM) functions to steal session cookies and bypass MFA.<\/p>\n<p>&#8220;The technical sophistication of these services rivals that of legitimate security tools, complete with user interfaces, customer support, and regular updates to counter defensive measures,&#8221; said eSentire in a <a href=\"https:\/\/esentire-dot-com-assets.s3.amazonaws.com\/assets\/resourcefiles\/eSentire_Report_Identity-Centric-Threats.pdf\" rel=\"nofollow\">report<\/a> [PDF] shared with <em>The Register<\/em> ahead of publication.<\/p>\n<p>Tycoon 2FA has emerged as the dominant phishing tool since hitting the shelves in 2023, thanks to its low price and robust capabilities, and the team behind it claims to have more than 2,000 monthly subscribers.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33aGvMjoAQSajM63cRqLj24AAAAUM&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33aGvMjoAQSajM63cRqLj24AAAAUM&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>With BEC attacks, the Tycoon 2FA customer will typically identify their favored target for the phishing email in a given organization&#8217;s accounts receivable department, and then work with the platform&#8217;s team to craft and send a convincing phishing email, eSentire said.<\/p>\n<p>The email is usually sent from a trusted source and contains a link to a phishing page, which silently captures the genuine credentials the duped target enters and relays them back to the Tycoon 2FA customer.<\/p>\n<p>From there, the criminals will monitor the inbox and keep tabs on regular high-value payments made to the organization. After some time, they will intercept an invoice from a trusted vendor, for example, alter the details such as the sum to be paid and the destination account, and ensure the payment is made to the criminals instead of the real organization.<\/p>\n<p>The number of attacks involving the compromise of business email accounts has increased 60 percent year over year, eSentire reckons, to 41 percent of all attacks in Q1 2025.<\/p>\n<p>And for those who can&#8217;t afford the $200-300 outlay for Tycoon 2FA, that&#8217;s where infostealers come into play. As little as $10 can unlock access to various logs gathered by info-grabbing malware, offering a more hands-off approach to email compromise.<\/p>\n<p>&#8220;Each log consists of the data stolen from one infected device, and this log can potentially contain dozens of account credentials from a corporate user or private individual,&#8221; said eSentire.<\/p>\n<p>From the recently <a href=\"https:\/\/cyberscoop.com\/colossal-data-breach-16-billion-credentials-no-evidence-media-exaggeration\/\" rel=\"nofollow\">misreported 16 billion leaked passwords story<\/a> to <a href=\"https:\/\/www.theregister.com\/2025\/06\/02\/security_news_roundup\/\">potentially failed Fed&nbsp;takedowns<\/a>, infostealers have attracted much of the infosec limelight of late.<\/p>\n<p>Using infostealer logs as the primary tool to launch a BEC or ransomware attack might be less successful as these logs are often being padded with old credentials to make them seem more attractive to buyers.<\/p>\n<p>Being so old, these credentials end up being useless since most organizations will rotate them between the time they were stolen and later bought in a log containing <a href=\"https:\/\/www.theregister.com\/2025\/02\/26\/hibp_adds_giant_infostealer_trove\/\">hundreds of thousands<\/a> of others like them.&nbsp;<\/p>\n<p>However, it only takes one email compromise to infiltrate an organization, so some may view the infostealer route as more preferable than a sophisticated, costlier phishing campaign, albeit a less reliable one.<\/p>\n<p>&#8220;The ROI for identity-based attacks far exceeds that of traditional malware or vulnerability exploitation, creating strong incentives for hackers to focus on stealing your employees&#8217; credentials for their Microsoft business accounts, password manager databases, bank and credit card accounts, crypto wallets, and other valuable accounts,&#8221; eSentire said.<\/p>\n<p>&#8220;Therefore, TRU does not expect to see identity-based attacks decline anytime soon and the Phishing-as-a-Service and Infostealer Malware-as-a-Service offerings continue to improve their ability to steal high-value credentials and not be detected.&#8221;<\/p>\n<p>The security industry&#8217;s move toward pushing passkeys as the primary, new mainstream form of account authentication comes against this backdrop of rising email compromises.&nbsp;<\/p>\n<p>Passkeys are being tipped as a phishing-resistant form of account authentication, and Microsoft customers will be well aware of them already, since <a href=\"https:\/\/www.theregister.com\/2025\/05\/04\/security_news_in_brief\/\">they are now the default authentication method<\/a>.<\/p>\n<p>Passkeys rely on methods such as public key pairing and biometrics to replace passwords entirely, effectively nullifying the impact of infostealers and phishing pages, however sophisticated they may be.<\/p>\n<p>Earlier forms of phish-resistant authentication protocols came in various forms, such as hardware-based FIDO keys. These would mean accounts couldn&#8217;t be accessed without having the physical key on the account holder&#8217;s person. Passkeys are more convenient.<\/p>\n<p>In addition to deploying <a href=\"https:\/\/www.theregister.com\/2024\/11\/17\/passkeys_passwords\/\">passkeys<\/a> or anything else to prevent successful phishing attacks affecting employee accounts, eSentire said comprehensive monitoring capabilities should be up and running to detect identity attacks early on, and rapid <a href=\"https:\/\/www.theregister.com\/2025\/03\/10\/incident_response_advice\/\">incident response<\/a> procedures should be ironed out.<\/p>\n<p>&#8220;Looking toward the future, organizations must prepare for continued evolution in identity-based attack techniques,&#8221; the security shop&#8217;s report read. &#8220;The organizations that invest in comprehensive identity security architectures today will be best positioned to adapt to these future developments while maintaining effective protection against current threats.&nbsp;<\/p>\n<p>&#8220;Organizations can either proactively transform their security architectures to address identity-centric threats, or they can continue operating with obsolete security programs until a successful attack forces reactive changes under crisis conditions.&#8221; \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2025\/07\/07\/phishing_platforms_infostealers_blamed_for\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Get your creds in order or risk BEC, ransomware attacks, orgs warned A rise in advanced phishing kits and info-stealing malware are to blame for a 156 percent jump in cyberattacks targeting user logins, say researchers.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-58934","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Phishing platforms, infostealers blamed as identity attacks soar 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/phishing-platforms-infostealers-blamed-as-identity-attacks-soar\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Phishing platforms, infostealers blamed as identity attacks soar 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/phishing-platforms-infostealers-blamed-as-identity-attacks-soar\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-07T12:00:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aGvMjoAQSajM63cRqLj24AAAAUM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-platforms-infostealers-blamed-as-identity-attacks-soar\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-platforms-infostealers-blamed-as-identity-attacks-soar\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Phishing platforms, infostealers blamed as identity attacks soar\",\"datePublished\":\"2025-07-07T12:00:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-platforms-infostealers-blamed-as-identity-attacks-soar\\\/\"},\"wordCount\":975,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-platforms-infostealers-blamed-as-identity-attacks-soar\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aGvMjoAQSajM63cRqLj24AAAAUM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-platforms-infostealers-blamed-as-identity-attacks-soar\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-platforms-infostealers-blamed-as-identity-attacks-soar\\\/\",\"name\":\"Phishing platforms, infostealers blamed as identity attacks soar 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-platforms-infostealers-blamed-as-identity-attacks-soar\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-platforms-infostealers-blamed-as-identity-attacks-soar\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aGvMjoAQSajM63cRqLj24AAAAUM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2025-07-07T12:00:10+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-platforms-infostealers-blamed-as-identity-attacks-soar\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-platforms-infostealers-blamed-as-identity-attacks-soar\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-platforms-infostealers-blamed-as-identity-attacks-soar\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aGvMjoAQSajM63cRqLj24AAAAUM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aGvMjoAQSajM63cRqLj24AAAAUM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-platforms-infostealers-blamed-as-identity-attacks-soar\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Phishing platforms, infostealers blamed as identity attacks soar\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Phishing platforms, infostealers blamed as identity attacks soar 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/phishing-platforms-infostealers-blamed-as-identity-attacks-soar\/","og_locale":"en_US","og_type":"article","og_title":"Phishing platforms, infostealers blamed as identity attacks soar 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/phishing-platforms-infostealers-blamed-as-identity-attacks-soar\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2025-07-07T12:00:10+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aGvMjoAQSajM63cRqLj24AAAAUM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/phishing-platforms-infostealers-blamed-as-identity-attacks-soar\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/phishing-platforms-infostealers-blamed-as-identity-attacks-soar\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Phishing platforms, infostealers blamed as identity attacks soar","datePublished":"2025-07-07T12:00:10+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/phishing-platforms-infostealers-blamed-as-identity-attacks-soar\/"},"wordCount":975,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/phishing-platforms-infostealers-blamed-as-identity-attacks-soar\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aGvMjoAQSajM63cRqLj24AAAAUM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/phishing-platforms-infostealers-blamed-as-identity-attacks-soar\/","url":"https:\/\/www.threatshub.org\/blog\/phishing-platforms-infostealers-blamed-as-identity-attacks-soar\/","name":"Phishing platforms, infostealers blamed as identity attacks soar 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/phishing-platforms-infostealers-blamed-as-identity-attacks-soar\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/phishing-platforms-infostealers-blamed-as-identity-attacks-soar\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aGvMjoAQSajM63cRqLj24AAAAUM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2025-07-07T12:00:10+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/phishing-platforms-infostealers-blamed-as-identity-attacks-soar\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/phishing-platforms-infostealers-blamed-as-identity-attacks-soar\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/phishing-platforms-infostealers-blamed-as-identity-attacks-soar\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aGvMjoAQSajM63cRqLj24AAAAUM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aGvMjoAQSajM63cRqLj24AAAAUM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/phishing-platforms-infostealers-blamed-as-identity-attacks-soar\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Phishing platforms, infostealers blamed as identity attacks soar"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/58934","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=58934"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/58934\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=58934"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=58934"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=58934"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}