CISOOnline

FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses

The broader phishing ecosystem is evolving

The campaign has targeted sectors including local government, logistics, retail, communications, and real estate, according to the report. Researchers also identified infrastructure using domains designed to resemble court systems, enterprise portals, and Microsoft-related services.

Sublime published 153 indicators of compromise, among them dozens of subdomains on cloud object storage services across regions including Singapore, Bangkok, Frankfurt, Tokyo, Seoul, Jakarta, and Ashburn.

The researchers also identified domain naming patterns that overlap with prior FlowerStorm reporting, including German-language domains assembled from English words to mimic legitimate business names.


