Analysis of payloads suggest affiliates may be using a shared codebase or common builder to deploy attacks under different RaaS brand names.
Over 8,000 subdomains belonging to recognized brands and organizations are being exploited for malicious email distribution.
