Organizations in the US have been targeted since at least 2021 in various phishing and business email compromise (BEC) campaigns spoofing government and private businesses. The attacks, attributed to a threat actor tracked as TA4903, were focused on harvesting corporate credentials to enable BEC activities such as invoice fraud or payroll redirect. As part of the observed attacks, the threat actor frequently registered new domains spoofing government entities and private organizations in secto