TA551 has been found targeting victims by email thread hijacking using a red-teaming toolkit and adversary simulation framework called Sliver. Experts revealed that the attackers have been using this technique since October 20. The use of open-source pentest tools is becoming more popular among cybercriminals.