Cofense has shared analysis observing the increased use of SuperMailer by threat actors deploying high-volume phishing campaigns. SuperMailer is a professional newsletter program which seems to have become equally attractive to criminals running phishing campaigns as it is to marketing professionals. Fourteen percent of all phishing emails tracked by Cofense were produced by SuperMailer in the month of May, a significant increase from the prior month where it was only 4 percent.
The post details some of the tactics threat actors are using in these SuperMailer-powered campaigns to bypass multiple popular secure email gateways used across a broad set of industries, including energy, government, and utilities. According to Cofense, it seems the threat actor has made errors in crafting their templates which has resulted in some unique indicators that may currently be used to potentially detect the malicious campaigns. Read more at Cofense.