A newly discovered multi-stage AitM phishing and BEC attack campaign has been targeting banking and financial organizations. The phishing kit enabled the attackers to send out more than 16,000 emails to a target’s contacts as part of the second-stage phishing campaign. To remediate the issue, it is recommended to reset the passwords for compromised users.