T1566 - Spearphishing - MITRE ATT&CK

Threat entity extracted from intelligence sources

Frequency
40
occurrences
First Seen
October 29, 2025
Last Seen
January 30, 2026

T1566 - Spearphishing is a mitre_attack tracked across 36 threat clusters and 40 intelligence report mentions on ThreatCluster. First observed October 29, 2025; most recent activity January 30, 2026.

Overview

T1566, Spearphishing, is a MITRE ATT&CK technique in which attackers target specific individuals or organizations with crafted emails containing links or attachments to steal credentials or deploy malware. It remains a primary initial access vector across ransomware, espionage, and APT campaigns, with evolving variants such as quishing (QR code-based phishing) that exploit messaging channels beyond traditional attachments.

Related Threat Clusters

Recent Intelligence Reports

  • Cybersecurity Threats to Universities and Colleges — Timeshighereducation · January 30, 2026
  • Cyber's New Reality: AI, Deepfakes, And Double Extortion (Podcast) — Mondaq · January 28, 2026
  • Pakistan-Linked APT Deploys GOGITTER, GITSHELLPAD In Strikes On Indian Government — Cyberpress · January 27, 2026
  • Cyber's New Reality: AI, Deepfakes, and Double Extortion — Goodwinlaw · January 26, 2026
  • Infostealer Trove: 149 Million Logins Exposed in Open Database Nightmare — Webpronews · January 25, 2026
  • Canadian Securities Regulators Warn Registrants About New Impersonation Scam — Mondovisione · January 25, 2026
  • Database Containing 149M Stolen Passwords From Gmail, Instagram, More Exposes ... — Au.Pcmag · January 24, 2026
  • Nearly 150 Million Online Accounts Exposed In Massive Data Leak - Evrim Ağacı — Evrimagaci · January 24, 2026

CVSS v3.1 Breakdown