In this blog, we’ll share our technical analysis and journey of unraveling this BEC operation, from the phishing campaign and compromised mailboxes to the attacker infrastructure. This threat highlights the importance of building a comprehensive defense strategy, which should include strong pre-breach solutions that can prevent attackers from gaining access and creating persistence on systems in the first place, as well as advanced post-breach capabilities that detect malicious behavior, deliver rich threat data, and provide sophisticated hunting tools for investigating and resolving complex cyberattacks.