Silent subject/null subject phishing campaign targeting executives and privileged users
Campaign
Summary
Hide ▲
Show ▼
A widespread silent subject/null subject phishing campaign is sending subject-less emails to high-value users, raising the risk of credential theft and follow-on lateral movement. The messages use multiple domains and empty or vague subject fields to slip past email filters and exploit curiosity. Attackers are also using malicious links, QR codes, and attachments, while some variants abuse Datto RMM and the FlowerStorm PaaS toolkit to support persistence and delivery. Activity rose across Q1 2026, with reported increases of 13.9% from January to February and 7.0% in March.
Related Happenings
QR code phishing surged across email threats in Q1 2026
Target Trend
First: 05.05.2026 09:35
Last: 05.05.2026 09:35
Sources 1
About this happening:
**Q1 2026** email-threat telemetry shows **QR code phishing** and **CAPTCHA-gated phishing** rising quickly, increasing the risk of **credential theft** across **organizations**....
QR code phishing surged across email threats in Q1 2026
Target TrendAbout this happening: **Q1 2026** email-threat telemetry shows **QR code phishing** and **CAPTCHA-gated phishing** rising quickly, increasing the risk of **credential theft** across **organizations**....
Code of conduct-themed Microsoft AiTM phishing campaign
Campaign
First: 05.05.2026 09:35
Last: 05.05.2026 09:35
Sources 1
About this happening:
A **large-scale phishing campaign** used code of conduct-themed lures and **legitimate email services** to push victims to attacker-controlled domains and steal **authentication t...
Code of conduct-themed Microsoft AiTM phishing campaign
CampaignAbout this happening: A **large-scale phishing campaign** used code of conduct-themed lures and **legitimate email services** to push victims to attacker-controlled domains and steal **authentication t...
Amazon SES phishing and BEC abuse campaign
Campaign
First: 04.05.2026 23:03
Last: 04.05.2026 23:03
Sources 1
About this happening:
A phishing campaign is abusing Amazon Simple Email Service (SES) to send convincing emails that can bypass standard authentication and reputation-based defenses. Attackers are usi...
Amazon SES phishing and BEC abuse campaign
CampaignAbout this happening: A phishing campaign is abusing Amazon Simple Email Service (SES) to send convincing emails that can bypass standard authentication and reputation-based defenses. Attackers are usi...
Venom PhaaS SharePoint QR-code campaign targeting C-suite executives
Campaign
First: 03.04.2026 11:00
Last: 03.04.2026 11:00
Sources 1
About this happening:
The **Venom PhaaS** operation ran a **credential theft campaign** against **C-suite executives and senior personnel** at major global organizations, creating a broad risk of accou...
Venom PhaaS SharePoint QR-code campaign targeting C-suite executives
CampaignAbout this happening: The **Venom PhaaS** operation ran a **credential theft campaign** against **C-suite executives and senior personnel** at major global organizations, creating a broad risk of accou...
NCSC alert on messaging-app targeting of high-risk individuals
Public Sector Action
First: 02.04.2026 17:15
Last: 02.04.2026 17:15
Sources 1
About this happening:
The **UK National Cyber Security Centre (NCSC)** issued a **March 31 alert** warning that **Russia-based actors** were targeting **high-risk individuals** through messaging apps,...
NCSC alert on messaging-app targeting of high-risk individuals
Public Sector ActionAbout this happening: The **UK National Cyber Security Centre (NCSC)** issued a **March 31 alert** warning that **Russia-based actors** were targeting **high-risk individuals** through messaging apps,...
Timeline
-
22.04.2026 16:00 2 articles · 1mo ago
Silent subject/null subject phishing campaign targeting executives and privileged users
Initial DisclosureThe campaign emerged as a surge of **subject-less phishing emails** sent from **multiple domains** to **high-value users**. Early activity relied on empty or vague subject fields to reduce detection and encourage recipients to open the messages.
Show sources
- Surge in Silent Subject Phishing Attacks Targets VIP Users — www.infosecurity-magazine.com — 22.04.2026 16:00
- Surge in Silent Subject Phishing Attacks Targets VIP Users — www.infosecurity-magazine.com — 22.04.2026 16:00