Menu
Browse

Cyber Threat Actor: Phishing Actor

Actor Type Location Known Incidents
 Icon
Criminal
United States of America
1 incident
Profile

Thethreat actor is known by the alias Phishing Actor and has been publicly associated with activity originating from the United States of America. No other aliases or alternative names have been reported in open sources. The actor’s location is limited to the United States based on the available attribution.

The only publicly documented activity linked to this actor occurred on March 26, 2019, when a phishing email was sent to an employee of the Oregon state government. The phishing message served as the initial access vector for the incident, though no specific malware family or toolset was disclosed in the reporting. As a result of the successful phishing attempt, the state’s email domains were temporarily blacklisted by Microsoft services, which blocked outgoing messages to outlook.com, msn.com, hotmail.com, and live.com addresses. State employees were unable to send mail to those platforms until internal notifications from Oregon IT leadership prompted remediation and access was restored.

No further campaigns or operations have been attributed to Phishing Actor in publicly available sources, and no affiliations with state sponsors, criminal groups, or other threat clusters have been established. The actor’s tactics, as observed, are limited to the use of deceptive emails to gain entry into target networks, with no evidence of additional payloads or post‑exploitation tools. Consequently, the profile of Phishing Actor remains defined by this single reported phishing event and its observable impact on email services.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources