Inside Look: Evolution of Spear-Phishing Techniques of Notorious Threat Groups

In recent years, a variety of campaigns and threats have emerged that share the same entry vector: email. This form of initial access often seems the most absurd and the least worthy of attention, because companies have properly trained their employees. However, the trend tells us the opposite. Many criminal groups and APTs continue to use this technique, varying or evolving it, which calls the most vulnerable element, human error, into question.

Phishing (T1566), a social engineering technique used as initial access (TA0001) since the mid-90s, is nothing more than a tool to deceive the victim into providing confidential information. Attackers disguise fraudulent emails with messages that appear familiar to the victim and are difficult (in most cases) to distinguish at a glance from the legitimate ones they are trying to emulate.

Along with this technique, we have spear-phishing, which has different sub-techniques (T1566.001, T1566.002, T1566.003). It uses fraudulent emails to entice the victim to click on a link, open an attachment, etc.
