Fair challenge, you're right that there's nothing sophisticated about this type of activity, but if you look at Lazarus activity this is their ttp. I mentioned TraderTraitor, go look them up (that sounds terse, it's not meant to be). They stole a couple of hundred million dollars in the past 6 months. They're not particularly sophisticated in terms of ttp, but because they're a nation-state actor they it's an entirely different threat model than script kiddie.
Attribution is hard, but if we're talking about defending, there's little cost to assuming Lazarus-style threat actor.
Very. Frustrating how many "Nation State" attributions boil down entirely because it's some Russian hacker, and they're using some publicly known bit of malware.
This sort of an attack is comically simple to pull off with a 12b obliterated LLM model and some basic scripts and proxies.
Security has to evolve, or the world will be cooked by script kiddies running email loops.
There's really nothing sophisticated about this these days, and it's only a short matter of time before it becomes commonplace.