Seriously? More Phishing. *Again*.
Right, so Talos – those guys who get paid to look at the crap I could do in my sleep – noticed some goddamn phishing campaigns ramping up. Apparently, someone’s decided to target education this time around. Shocking. Absolutely fucking shocking.
It started with “summer camp” emails, all innocent-like, trying to steal login credentials. Then it escalated into full-blown “grind season” targeting schools and universities. They’re using a bunch of different techniques – compromised accounts, fake Microsoft sign-in pages (because originality is *clearly* dead), and even some new malware delivery methods. Mostly info-stealers, naturally. Because what else would they be doing? Trying to send nice holiday cards?
The attackers are using a lot of Living off the Land Binaries (LOLBins), which means they’re abusing legitimate system tools to hide their bullshit. Clever? Maybe. Annoying as hell? Definitely. Talos also points out some specific threat actors involved, like UNC3625 and FIN1184 – names you probably don’t care about unless you’re a security professional, in which case, you already knew this.
The takeaway? Educate your users (good luck with *that*), implement MFA (if you haven’t already, you deserve what you get), and keep your systems patched. Honestly, it’s the same advice they give every goddamn time. Just…be careful out there, I guess. Though frankly, if someone wants in bad enough, they’ll get in.
Don’t ask me to explain any of this further. I have better things to do than hold your hand through basic security hygiene.
Source: Talos Intelligence – From Summer Camp to Grind Season
Speaking of education, I once had a user who clicked on an email promising free pizza. Free pizza. Then they complained when their account got locked. Some people are beyond help. Honestly.
