ZeroFox Intelligence Flash Report - Spamming Package Targeting the U.S. SSA Advertised on DDW

Product Serial: F-2026-06-15a

TLP:CLEAR

In this Flash Report, ZeroFox researchers report on a recently advertised spam distribution package targeting the U.S. SSA on the predominantly Russian-language DDW forum Exploit.

Standing Intelligence Requirements

For the most up-to-date list of ZeroFox’s Intelligence Requirements, please visit:

https://cloud.zerofox.com/intelligence/advisories/14956

Link to Download

View the full report here

Key Findings

On June 6, 2026, untested threat actor “mailerborn” advertised a spam distribution package targeting the U.S. Social Security Administration (SSA) on the predominantly Russian-language deep and dark web (DDW) forum Exploit.
Mailerborn joined Exploit on May 21, 2026, and has made nearly 30 posts as of reporting but has garnered only one reputation point.
The claimed features of the package—including a command loader that can evade common security controls, access to about 500 corporate Simple Mail Transfer Protocol (SMTP) servers, and per-recipient email generator—are likely to enhance phishing capabilities.
Although ZeroFox has previously observed similar spam-related services—including email bombing and SMS spamming tools—on underground forums, this is likely a dedicated offering built around SSA-themed lures.