Over the holiday season, a coordinated attack was detected and blocked by Microsoft Threat Intelligence security analysts, involving tens of thousands of emails crafted to deceive recipients. The cybercriminal group known as Storm-0900 launched a large-scale phishing campaign, targeting users across the United States. The campaign exploited two main social engineering themes : fake parking ticket notifications and fraudulent medical test results. Microsoft Threat Intelligence analysts and security researchers discovered that this campaign led to the spread of XWorm, a widespread modular remote access malware used by many threat actors across the cyber threat landscape. In connection with the Thanksgiving holiday, attackers