---
title: "Email Phishing Soars: Report, Google: Ukraine Phished, QBot Email Malware, Cybersecurity News | DMARC Report"
description: "Emails are the top mode of corporate communication often targeted by threat actors and cybercriminals."
image: "https://dmarcreport.com/og/blog/email-phishing-soars-report-google-ukraine-phished-qbot-email-malware.png"
canonical: "https://dmarcreport.com/blog/email-phishing-soars-report-google-ukraine-phished-qbot-email-malware/"
---

Quick Answer

Emails are the top mode of corporate communication often targeted by threat actors and cybercriminals. Here are the latest \[email security\](https://dmarcreport.com/blog/why-email-security-matters-and-how-to-get-it-right/) news and updates for April 2023.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Femail-phishing-soars-report-google-ukraine-phished-qbot-email-malware%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Email%20Phishing%20Soars%3A%20Report%2C%20Google%3A%20Ukraine%20Phished%2C%20QBot%20Email%20Malware%2C%20Cybersecurity%20News&url=undefined%2Fblog%2Femail-phishing-soars-report-google-ukraine-phished-qbot-email-malware%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Femail-phishing-soars-report-google-ukraine-phished-qbot-email-malware%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Femail-phishing-soars-report-google-ukraine-phished-qbot-email-malware%2F&title=Email%20Phishing%20Soars%3A%20Report%2C%20Google%3A%20Ukraine%20Phished%2C%20QBot%20Email%20Malware%2C%20Cybersecurity%20News "Share on Reddit") [ ](mailto:?subject=Email%20Phishing%20Soars%3A%20Report%2C%20Google%3A%20Ukraine%20Phished%2C%20QBot%20Email%20Malware%2C%20Cybersecurity%20News&body=Check out this article: undefined%2Fblog%2Femail-phishing-soars-report-google-ukraine-phished-qbot-email-malware%2F "Share via Email") 

![Email Phishing Soars: Report, Google: Ukraine Phished, QBot Email Malware, Cybersecurity News](https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg) 

Emails are the top mode of corporate communication often targeted by threat actors and cybercriminals. Here are the latest [email security](https://dmarcreport.com/blog/why-email-security-matters-and-how-to-get-it-right/) news and updates for April 2023.

> Domain spoofing is trivially easy without DMARC enforcement, says Brad Slavin, General Manager of DuoCircle. Anyone can send email that looks like it comes from your domain. DMARC with p=reject is the only way to tell receiving servers to block unauthorized senders completely.

\_According to the [FBI’s 2022 Internet Crime Report (IC3)](https://www.ic3.gov/Media/PDF/AnnualReport/2022IC3Report.pdf), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses.

## Phishing Attacks Soar by 569%, According to the State of Email Security Report

Cofense released its latest email security report shedding light on the \*\*alarming increase in phishing attacks.

As of 2025, DMARC is mandatory under multiple compliance frameworks. [CISA BOD 18-01](https://www.cisa.gov/news-events/directives/bod-18-01) requires p=reject for US federal domains. [PCI DSS v4.0](https://www.pcisecuritystandards.org/) mandates DMARC for organizations processing payment card data as of March 2025\. Google and Yahoo require DMARC for bulk senders (5,000+ messages/day) since February 2024, and [Microsoft began rejecting](https://learn.microsoft.com/en-us/defender-office-365/email-authentication-dmarc-configure) non-compliant email in May 2025\. The UK [NCSC](https://www.ncsc.gov.uk/collection/email-security-and-anti-spoofing), Australia’s [ASD](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-email), and Canada’s [CCCS](https://www.cyber.gc.ca/en/guidance/implementation-guidance-email-domain-protection) all mandate DMARC for government domains. Cyber insurers increasingly require DMARC enforcement as an underwriting condition.

The 2023 Annual State of Email Security Report [highlighted](https://cofense.com/annualreport/) that phishing attacks experienced a 569% surge in the past year. The statistic came as a result of data received from 35 million individuals worldwide. The report also shared that \*\*malware is becoming more common in phishing attacks, with Emotet and QakBot becoming the top malware reported in phishing emails.

![Dmarc report 1](https://media.mailhop.org/dmarcreport/images/2023/04/dmarc-report-1-1.jpg) 

> 

The Vice President and CISO (Chief Information Security Officer) at Cofense, Tonia Dudley, commented that there is a significant spike in nation-state cyber attacks, saying, “The increase in \*\*nation-state attacks and major incidents overall continues to apply pressure to drive visibility of an organization’s security program by boards, corporate executives and [cyber insurers](https://www.csoonline.com/article/3694088/cyber-insurer-launches-insursec-solution-to-help-smbs-improve-security-risk-management.html).”

Phishing is one of the most common cyberattacks, which is becoming easier to conduct with \*\*AI technology and [ChatGPT](https://www.insurancejournal.com/news/national/2023/05/03/719116.htm). You should stay vigilant and follow the latest developments to keep safe.

## Russian Phishing Attacks: Ukraine Bears Brunt of 60% Targeting in 2023, says Google

Google’s **TAG (Threat Analysis Group)** has reported that Ukraine was the victim of nearly 60% of Russian phishing attacks, making the country the prime target of Russia .

TAG has been monitoring and disrupting the [malicious activities](https://www.wionews.com/world/us-uk-sanction-members-of-russia-based-trickbot-cybercrime-gang-for-malicious-activities-560455) of Russian \*\*state-backed actors trying to collect intelligence, disrupt operations, and leak sensitive data. Google’s TAG listed three Russian and Belarusian threat actors being most prominent against Ukraine, including:

- Sandworm, which has been focusing attacks on the European energy sector since November 2022.
- APT28, which is utilizing mass [phishing](https://dmarcreport.com/blog/phishing-smishing-vishing-everything-you-need-to-know/) campaigns targeting Ukrainian citizens luring victims to fake government websites.
- And Pushcha, a threat actor group that uses \*\*webmail providers to steal login credentials via phony websites. Google also reported that TAG has been observing and **taking down** [IRA-linked](https://www.investopedia.com/terms/i/ira.asp) accounts on YouTube, and all Gmail and Workspace users will keep receiving alerts about all malicious communications.

## QBot Email Attacks Employ PDF and WSF Combo to Install Malware, Warns Report

The QBot malware is being distributed via phishing emails employing PDFs and WSF (Windows Script Files) to infect Windows PCs. QBot is a \*\*banking trojan-turned-malware that provides threat actors access to corporate networks and allows them to drop additional malware or ransomware payloads like Cobalt Strike and Brute Ratel. The threat actors use [QBot](https://www.securityweek.com/qbot-malware-infects-over-800-corporate-users-new-ongoing-campaign/) to move laterally through networks, making away with sensitive information and deploying ransomware for extortion.

Threat actors distribute QBot via reply-chain phishing emails with attached PDFs that download ZIP files containing [WSFs](https://docs.fileformat.com/executable/wsf/). \*\*The WEF executes a PowerShell script to download a DLL (Dynamic Link Library) that downloads the \*\*malware on the victim’s system.

![Dmarc record generator](https://media.mailhop.org/dmarcreport/images/2023/04/dmarc-record-generator-7802.jpg) 

The QBot malware is a significant threat capable of taking down **entire networks**, so organizations and individuals should be on their guard.

## Microsoft Reveals Plans to Introduce DMARC Aggregate and Policy Handling Updates in 2023

Microsoft has \*\*implemented many of DMARC’s (Domain-based Message Authentication, Reporting, and Conformance) products and services for several years and encourages other organizations to do the same to address email security needs .

Microsoft recently announced that it would roll out a DMARC aggregate and policy handling features to highlight the organization’s commitment to email security. With the new policy, Microsoft will go with a \*\*cautious approach and quarantine all emails that fail [DMARC](https://dmarcreport.com/) authentication, even if the sender is using the reject policy. Microsoft has adopted this approach to reduce the risk of \*\*false positives so Microsoft users can review all emails and check whether they are authentic.

Rejecting emails failing [DMARC authentication](https://dmarcreport.com/blog/how-dmarc-report-analysis-helps-stop-phishing-and-spoofing/) is essential to fight email fraud and phishing attacks. However, the latest approach will \*\*provide protection and allow users to reduce false positives so no critical emails are rejected.

## US Financial Firms Targeted with Tax-Themed Phishing Emails

GuLoader, a novel malware, targets the US financial sector with specially crafted [phishing emails](https://www.techradar.com/news/phishing-emails-are-seeing-a-huge-rise-so-stay-on-your-guard) with tax themes.

Security researchers at eSentire [analyzed](https://www.esentire.com/blog/guloader-targeting-the-financial-sector-using-a-tax-themed-phishing-lure) the malware and highlighted that the malware contains \*\*multiple shellcode stages and has advanced anti-analysis techniques. The attack starts with a phishing email with links to Adobe Acrobat files that are **disguised as PDFs**. These PDFs download payloads from the Internet, load them into the system, and achieve persistence.

The threat actors employ \*\*tax-themed phishing emails that impersonate legitimate tax authorities like the IRS (Internal Revenue Service), creating a sense of urgency using messages about tax refunds or payments.

Once the [malware](https://news.yahoo.com/malware-targeting-macos-steal-sensitive-205243496.html) is installed, the threat actors gain access to the system and user data. If you get a similar email, best \*\*double check on authentic websites or the agency contact mentioned on genuine sites.

## Sources

- [CISA Binding Operational Directive 18-01](https://www.cisa.gov/news-events/directives/bod-18-01)
- [Microsoft Outlook DMARC Enforcement May 2025](https://learn.microsoft.com/en-us/defender-office-365/email-authentication-dmarc-configure) (2025)
- [PCI DSS v4.0 - DMARC Requirement](https://www.pcisecuritystandards.org/) (2025)

## Topics

[ email security ](/tags/email-security/)[ News ](/tags/news/) 

![Vishal Lamba](https://media.mailhop.org/dmarcreport/images/team/vishal-lamba.jpg) 

[ Vishal Lamba ](/authors/vishal-lamba/) 

Content Specialist

Content Specialist at DMARC Report. Writes vendor-specific email authentication guides and troubleshooting walkthroughs.

[LinkedIn Profile →](https://www.linkedin.com/in/vishal-lamba/) 

## Take control of your DMARC reports

Turn raw XML into actionable dashboards. Start free - no credit card required.

[Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/) 

## Related Articles

[  Foundational 4m  5 Mind-Boggling Phishing Attacks in Australia 2023!  Feb 8, 2024 ](/blog/5-mind-boggling-phishing-attacks-in-australia-2023/)[  Foundational 4m  Akira flaunts victims, Idaho targets orthodontist, AI granny protects  Nov 22, 2024 ](/blog/akira-flaunts-victims-idaho-targets-orthodontist-ai-granny-protects/)[  Foundational 4m  Alternatives to DMARCLY's Blog Section for Learning About Email Authentication and DMARC  Nov 6, 2023 ](/blog/alternatives-to-dmarclys-blog-section-for-learning-about-email-authentication-and-dmarc/)[  Foundational 4m  Ambient Light Spying, Cybersecurity Prices Drop, Euro 2024 Threats  Jul 10, 2024 ](/blog/ambient-light-spying-cybersecurity-prices-drop-euro-2024-threats/)

```json
{"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Email Phishing Soars: Report, Google: Ukraine Phished, QBot Email Malware, Cybersecurity News","description":"Emails are the top mode of corporate communication often targeted by threat actors and cybercriminals.","url":"https://dmarcreport.com/blog/email-phishing-soars-report-google-ukraine-phished-qbot-email-malware/","datePublished":"2023-04-30T03:43:45.000Z","dateModified":"2026-04-16T15:53:43.000Z","dateCreated":"2023-04-30T03:43:45.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/vishal-lamba/#person","name":"Vishal Lamba","url":"https://dmarcreport.com/authors/vishal-lamba/","jobTitle":"Content Specialist","description":"Vishal Lamba writes DMARC Report's how-to guides and vendor-specific configuration walkthroughs. His work focuses on step-by-step implementation guides for major email platforms (Google Workspace, Microsoft 365, SendGrid, Mimecast, Proofpoint, Brevo, and others), troubleshooting common SPF and DMARC errors, and translating RFC-level specifications into practical deployment procedures for IT administrators.","image":"https://media.mailhop.org/dmarcreport/images/team/vishal-lamba.jpg","knowsAbout":["SPF Vendor Configuration","Email Platform Integrations","SPF Troubleshooting","Technical Documentation","Step-by-Step Guides"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/vishal-lamba/"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/email-phishing-soars-report-google-ukraine-phished-qbot-email-malware/"},"articleSection":"foundational","keywords":"email security, News","wordCount":848,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg","caption":"Email Phishing Soars: Report, Google: Ukraine Phished, QBot Email Malware, Cybersecurity News","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://dmarcreport.com/foundational/"},{"@type":"ListItem","position":4,"name":"Email Phishing Soars: Report, Google: Ukraine Phished, QBot Email Malware, Cybersecurity News","item":"https://dmarcreport.com/blog/email-phishing-soars-report-google-ukraine-phished-qbot-email-malware/"}]}
```