Actor
O-UNC-038 is conducting a multi-stage Adversary-in-the-Middle (AiTM) phishing operation that abuses legitimate SaaS platforms and recruiter identities to steal corporate Google Workspace credentials and bypass multi-factor authentication.