Microsoft exposed an Austria-based private-sector offensive actor that has been observed both selling the Subzero malware to third parties, but also using its own infrastructure in some attacks.
Hack-for-hire firms are targeting a range of accounts from Google and major webmail providers in credential theft campaigns.