Vlaanderen.be your SPF is a phishing problem!
A massive phishing campaign is targeting vlaanderen.be, impersonating their domain. It is common for phishing campaigns to impersonate government domains. However, during my investigation, I observed that the attackers were sending phishing emails from an IP address that was listed in the SPF record of vlaanderen.be.
This video showcases the steps taken during the investigation and presents my conclusion regarding the possible events that led to the extensive distribution of phishing emails using the vlaanderen.be domain.
This video was made in a very short time, so apologies for the editing mistakes 😉