Threat actors are exploiting vulnerabilities in government websites, particularly .gov domains, to conduct phishing campaigns. The abuse primarily involves using open redirects to bypass secure email gateways and lead victims to credential phishing pages. A significant portion of these exploits may be related to CVE-2024-25608, affecting the Liferay digital platform. US government domains, while less frequently abused, are primarily used for open redirects in Microsoft-themed phishing attempts. Brazilian government domains are the most frequently abused, followed by other countries. Some compromised government email addresses have also been used as command and control servers for malware like Agent Tesla Keylogger and StormKitty.