AsyncRAT Campaign Continues to Evade Endpoint Detection
Essential information
- Published
- 17/06/2025 20:39
- Modified
- 18/06/2025 11:57
- Tags
- 2025-06-17, asyncrat, cloud services, cybercriminal, endpoint evasion, obfuscation, phishing, purehvnc, python scripts, remcos, remote access trojan, trycloudflare, venomrat, xworm
- Related entities
- 18 techniques (mitre), 5 malware
Description
A wide-ranging phishing campaign has been identified that enables threat actors to bypass traditional security controls and delay detection. The campaign, tracked since 2024, has facilitated remote surveillance, credential theft, lateral movement, data exfiltration, and ransomware across numerous organizations. The group behind it, likely a new or rebranded cybercriminal group, abuses legitimate services such as TryCloudflare to host and deliver highly evasive malware, including AsyncRAT and other Remote Access Trojans. These RATs give the operators remote control over infected networks throughout the full attack lifecycle. The campaign targets organizations globally across multiple sectors with no apparent industry preference, using widely available malware and difficult-to-detect techniques that combine Python scripts, obfuscated batch scripts, trusted cloud services, and dynamic infrastructure.
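A defender-side triage check along these lines, added here and not part of the report: it parses proxy log lines, flags requests to TryCloudflare quick-tunnel subdomains, raises severity when the fetched object looks like a script (the batch and Python stagers the campaign relies on), and ignores look-alike hosts that merely contain the string. The log format, client addresses, tunnel names and file names are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample proxy log (not from the report): "timestamp src_ip method url status".
SAMPLE_PROXY_LOG = """\
2025-06-17T09:12:01Z 10.0.0.14 GET https://updates.example-vendor.com/agent.msi 200
2025-06-17T09:13:44Z 10.0.0.21 GET https://quiet-river-1234.trycloudflare.com/setup.bat 200
2025-06-17T09:13:59Z 10.0.0.21 GET https://quiet-river-1234.trycloudflare.com/stage2.py 200
2025-06-17T09:14:30Z 10.0.0.21 GET https://quiet-river-1234.trycloudflare.com/ 200
2025-06-17T09:20:05Z 10.0.0.33 GET https://www.cloudflare.com/learning/ 200
2025-06-17T09:21:10Z 10.0.0.40 GET https://x.trycloudflare.com.attacker.example/y 200
"""

TUNNEL_SUFFIX = ".trycloudflare.com"  # quick tunnels are random subdomains of this zone
SCRIPT_EXTENSIONS = (".bat", ".cmd", ".ps1", ".py", ".vbs", ".js")

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def is_tunnel_host(host):
    """True only for a genuine *.trycloudflare.com host; a suffix match on the
    registrable domain rejects look-alikes such as trycloudflare.com.attacker.example."""
    return host.lower().rstrip(".").endswith(TUNNEL_SUFFIX)


def triage_proxy_log(text):
    """Return (severity, src_ip, host, path) for each request worth an analyst's look."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than failing the whole run
        _ts, src_ip, _method, url, _status = m.groups()
        parsed = urlparse(url)
        host = parsed.hostname or ""
        if not is_tunnel_host(host):
            continue
        # A script fetched through a throwaway tunnel is the campaign's delivery pattern.
        severity = "high" if parsed.path.lower().endswith(SCRIPT_EXTENSIONS) else "medium"
        findings.append((severity, src_ip, host, parsed.path))
    return findings


if __name__ == "__main__":
    for finding in triage_proxy_log(SAMPLE_PROXY_LOG):
        print(*finding)
```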