Cofense - Security Awareness Training & Email Threat Detection

Malicious email campaigns abusing Telegram bots rise tremendously in Q1 2023, surpassing all of 2022 by 310%


Q1 of 2023 was filled with many updates and changes to the major malware families used in phishing scams, as well as several notable deviations in tactics, techniques, and procedures (TTPs). Our Cofense Intelligence team issues Active Threat Reports (ATRs) based on observed malicious email threats, and in Q1 we had a 20% increase in ATRs compared to last quarter and a 34% increase compared to Q1 of last year. Below are key highlights and takeaways from Q1 2023.

The key highlights for Q1 2023 include:

  • Evasive, malicious campaigns abusing Telegram bots continued to rise tremendously in Q1 2023, outstripping Q4 2022 volume by 397% and surpassing all of 2022 volume by 310%.
  • Credential phishing volume for this quarter was volatile and increased significantly throughout the quarter by 527%. Overall, credential phishing threats increased 40% year-over-year from Q1 2022.
  • Qakbot remained the most successful malware family reaching inboxes, 185% more often than Emotet, despite Emotet’s extremely high dissemination volume.
  • Threat actors experimented with a variety of delivery mechanism combinations, including the notable introduction of OneNote files as a common delivery mechanism during Q1.
  • YouTube was an unexpected addition to the Top 10 .com domains being employed by threat actors, who used open redirects at to point to phishing pages.

Each quarter, Cofense Intelligence analyzes credential phishing emails that reach user environments protected by Secure Email Gateways (SEGs). Throughout Q1, Cofense Intelligence observed several changes within the phishing threat landscape, including changes in threat actors’ tactics, techniques, and procedures (TTPs), as well as data trends such as volume.

For more detailed insights and analysis, here is our complete Q1 2023 Threat Intelligence Review.

