“new phishing platform used in credential theft campaigns against c - suite execs a credential theft campaign that targeted c - suite executives and senior personnel at major global organizations from november 2025 to march 2026 has been uncovered by researchers at abnormal. they …”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1566.002Spearphishing Link
91%
“also automatically inserted into the phishing email. the victim ’ s email prefix is converted into a display name, used in the " from " fields alongside a generated signature with their real details ( name, email, company website and a fake phone number ). a second, randomly gene…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1556.006Multi-Factor Authentication
71%
“##edential - harvesting methods. in the first, an adversary - in - the - middle ( aitm ) setup perfectly mimics the victim ’ s real login portal, complete with their company branding, pre - filled email and even their organization ’ s actual identity provider, while silently rela…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1111Multi-Factor Authentication Interception
71%
“##edential - harvesting methods. in the first, an adversary - in - the - middle ( aitm ) setup perfectly mimics the victim ’ s real login portal, complete with their company branding, pre - filled email and even their organization ’ s actual identity provider, while silently rela…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1598.003Spearphishing Link
62%
“also automatically inserted into the phishing email. the victim ’ s email prefix is converted into a display name, used in the " from " fields alongside a generated signature with their real details ( name, email, company website and a fake phone number ). a second, randomly gene…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1598Phishing for Information
51%
“new phishing platform used in credential theft campaigns against c - suite execs a credential theft campaign that targeted c - suite executives and senior personnel at major global organizations from november 2025 to march 2026 has been uncovered by researchers at abnormal. they …”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1598.002Spearphishing Attachment
42%
“new phishing platform used in credential theft campaigns against c - suite execs a credential theft campaign that targeted c - suite executives and senior personnel at major global organizations from november 2025 to march 2026 has been uncovered by researchers at abnormal. they …”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1528Steal Application Access Token
42%
“##edential - harvesting methods. in the first, an adversary - in - the - middle ( aitm ) setup perfectly mimics the victim ’ s real login portal, complete with their company branding, pre - filled email and even their organization ’ s actual identity provider, while silently rela…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1598.002Spearphishing Attachment
40%
“also automatically inserted into the phishing email. the victim ’ s email prefix is converted into a display name, used in the " from " fields alongside a generated signature with their real details ( name, email, company website and a fake phone number ). a second, randomly gene…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1598Phishing for Information
38%
“also automatically inserted into the phishing email. the victim ’ s email prefix is converted into a display name, used in the " from " fields alongside a generated signature with their real details ( name, email, company website and a fake phone number ). a second, randomly gene…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1598.003Spearphishing Link
38%
“new phishing platform used in credential theft campaigns against c - suite execs a credential theft campaign that targeted c - suite executives and senior personnel at major global organizations from november 2025 to march 2026 has been uncovered by researchers at abnormal. they …”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1528Steal Application Access Token
37%
“authentication flows, evades detection and maintains access long after the initial compromise. venom phaas : the power engine behind the campaign the venom phaas powering the campaign features a licensing and activation model, structured token storage and a full campaign manageme…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
A large-scale credential theft campaign targeting senior executives has been linked to a previously unknown automated phishing platform called Venom