Threat actors using a previously undocumented phishing-as-a-service (PhaaS) platform called “VENOM” are targeting credentials of C-suite executives across multiple industries.

The operation has been active since at least last November and appears to target specific individuals who serve as CEOs, CFOs, or VPs at their companies.

VENOM also seems to be closed access, as it has not been promoted on public channels and underground forums, thus reducing its exposure to researchers.