Operation DoppelBrand Targets Fortune 500 Firms for Credential Theft

Operation DoppelBrand Targets Fortune 500 Firms for Credential Theft

First seen 16 Feb 2026, 16:10 UTC DarkreadingSocradarInfosecurity-MagazineScworldNatlawreview+1 78% similarity 33.3

Article Content

Browse articles
ThreatCluster

Operation DoppelBrand is a phishing campaign identified by SOCRadar that targets major financial and technology firms, including Wells Fargo and USAA. The campaign, attributed to the financially motivated threat actor GS7, took place between December 2025 and January 2026, with links to prior activities dating back to 2022.

ThreatCluster AI

Timeline

2025-12-01
Operation DoppelBrand campaign begins targeting firms
2026-01-31
Operation DoppelBrand campaign ends
2026-02-16
Operation DoppelBrand publicly reported by SOCRadar

Community

Browse all →