Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Scripted Sparrow executive-coaching BEC campaign

Campaign
First reported
Last updated
Happening score
H score 33
1 unique sources, 1 articles

Summary

Hide ▲

The Scripted Sparrow business email compromise campaign is sending 4-6 million targeted emails each month, raising the risk of invoice fraud and wire-transfer theft across organizations in multiple countries. The operation impersonates executive coaching and leadership training consultancies to reach Accounts Payable staff with spoofed reply chains, invoices, and W-9 attachments. It has been active since June 2024 and has already generated hundreds of distinct engagements.

Related Happenings

FBI Operation Winter SHIELD cyber resilience campaign

Public Sector Action
First: 29.01.2026 18:50 Last: 29.01.2026 18:50 Sources 1

About this happening: The **FBI** launched **Operation Winter SHIELD**, issuing **ten recommended actions** to help organizations harden **IT and OT environments** against **cyber-attacks and malicious...

Open Happening

BlueNoroff GhostCall and GhostHire Web3/blockchain targeting campaign

Campaign
First: 28.10.2025 18:12 Last: 28.10.2025 18:12 Sources 1

About this happening: The **BlueNoroff**-linked **GhostCall** and **GhostHire** campaigns are actively targeting the **Web3 and blockchain** sectors, putting **executives**, **venture capital** staff,...

Open Happening

Smishing Triad global smishing campaign with rapid domain churn

Campaign
First: 24.10.2025 21:35 Last: 24.10.2025 21:35 Sources 1

About this happening: **Smishing Triad** is a **large-scale, ongoing smishing campaign** tied to **more than 194,000 malicious domains** registered since **January 1, 2024** and used to push **fraudule...

Latest development: 12.11.2025 22:59

Google filed a lawsuit on 2025-11-12 to dismantle Lighthouse, a phishing-as-a-service platform used in smishing campaigns impersonating USPS and E-ZPass, alleging that the infrastructure affected over 1 million victims across 120 countries and seeking to shut down the website support behind the kit.

Open Happening

Lumma Stealer group doxxing campaign

Campaign
First: 20.10.2025 15:42 Last: 20.10.2025 15:42 Sources 1

About this happening: A **targeted underground doxxing campaign** has hit the **Lumma Stealer** ecosystem, exposing alleged core members and disrupting the operation’s communications. Trend Micro said...

Open Happening

Timeline

  1. 22.12.2025 11:30 2 articles · 5mo ago

    Fortra discloses Scripted Sparrow BEC operation

    Initial Disclosure

    Fortra identifies Scripted Sparrow as a global business email compromise collective that impersonates executive coaching and leadership training consultancies to send an estimated 4-6 million highly targeted emails each month. The group sends spoofed reply-chain messages to Accounts Payable staff, typically with invoice and completed W-9 attachments for ACH or wire transfers, and Fortra says the operation spans three continents and at least five countries, has been active since at least June 2024, and uses at least 119 domains, 245 webmail addresses, 256 bank accounts, Windows computers running Remote Desktop Protocol, browser plugins, location spoofing, webmail, controlled domains, NameSilo and Dynadot registrations, Skia-generated PDFs, and some Telegram communications.

    Show sources
    Open in new tab