critical flaw in the paper
"We can confirm that these attacks are targeting the same brand, therefore, it is safe to
assume they are being made by the same threat actor."
Phishing kits are a thing, and they're widely available to anyone who wants them.
Just because the folder syntax is the same, doesn't mean they are the same threat actor.
Biting the hand that feeds IT
