Spearphishing via compromised corporate accounts
Credential harvesting using fake Outlook Web App (OWA) login pages
Deployment of .NET-based keyloggers
Use of Tor for anonymization and accessing victim email accounts
Living-off-the-land (LotL) techniques to evade detection
Targeting of non-public correspondence regarding Mergers & Acquisitions (M&A)