Flowerstorm Phishing Activity Report - June 2025


Summary

The Flowerstorm phishing kit remained a persistent threat throughout June 2025, with 1,488 total reports. Activity was concentrated in the first week before tapering off. The campaign maintained focus on Microsoft credential harvesting and relied heavily on Cloudflare-backed infrastructure and consistent domain patterns.

Note: This summary was generated with the assistance of AI.

Timeline Analysis

Key Findings

Infrastructure Summary

Geographic Hosting Distribution

Common Domain & URL Patterns

Anomalies & Activity Shifts

Relevant Links

Tycoon Phishing Kit Activity Report - May 2025


Summary

Tycoon phishing kit operations demonstrated significant activity escalation throughout May 2025, with 2,842 total detections representing a concentrated campaign targeting Microsoft Office 365 credentials. The month showed a notable surge in the final week with activity levels nearly tripling compared to mid-month periods.

Note: This summary was generated with the assistance of AI.

Timeline Analysis

Key Findings

Infrastructure Summary

Target Patterns

Common Domain Patterns

Anomalies & Activity Shifts

Relevant Links

Phishing Landscape Analysis: May 2025


Summary

May 2025 demonstrated significant independent phishing activity with 8,338 total reports outside major phishing kit operations. The data reveals a mature threat actor ecosystem using cloud infrastructure, advanced brand impersonation, and diverse targeting strategies. Activity stayed consistently high, with cloud-hosted campaigns making up over 32% of all phishing infrastructure.

Note: This summary was generated with the assistance of AI.

Timeline Analysis


Key Findings

Infrastructure Dominance

Campaign Categories

Technical Evolution


Anomalies & Activity Shifts


Relevant Links