This is just the most recently discovered phishing campaign suspected to be from the TA413 threat group.
This is a typical example of how a phishing attack is executed, and data exfiltration is achieved by bad actors.
I love ‘The FriarFox attack vector’ graphic. credit: Proofpoint.
Thanks to Proofpoint and Threatpost for this article.