| SYMBOL | COMMON_NAME | aka. SYNONYMS |
PoisonSeed is a threat actor employing an MFA-resistant phishing kit to acquire credentials from individuals and organizations, primarily targeting email infrastructure for cryptocurrency-related spam. They utilize spear-phishing emails with malicious links, automate bulk downloading of email lists, and capture authentication cookies to bypass MFA. PoisonSeed has been linked to campaigns that exploit cross-device sign-in features and employ tactics such as cryptocurrency seed phrase poisoning. Their infrastructure includes domains registered through NICENIC and hosted on Cloudflare, with a focus on phishing CRM and bulk email provider credentials.
There are currently no families associated with this actor.
| 2025-08-12
⋅
NVISO Labs
⋅
Shedding Light on PoisonSeed’s Phishing Kit PoisonSeed |
| 2025-04-03
⋅
Silent Push
⋅
PoisonSeed Campaign Targets CRM and Bulk Email Providers in Supply Chain Spam Operation CryptoChameleon PoisonSeed |