The phishing landscape has shifted from clumsy mass-mailers to AI-driven Advanced Persistent Threats (APTs)  in 2026 that bypass traditional defenses with surgical precision. This talk deconstructs the operations of Obsidian Vulture, a sophisticated threat actor utilizing "white-noise" distraction campaigns to mask high-value credential harvesting.

By leveraging AI-enhanced personalization and advanced browser-side evasion techniques, these attackers successfully capture MFA tokens and session cookies to hijack corporate identities. We reveal a multi-channel evolution where failed digital attempts escalate into direct vishing (voice phishing) attacks, effectively lowering the barrier for global cybercrime while increasing its lethality.