Isn't it true, that most large, APT-type attacks, involved spear phishing? I've made this list of spear-phishing attacks (http://spearphishing.blogspot.com), and realized that Stuxnet is the only such attack where spear-phishing did not play key role, that comes to my mind. But surely there were more?
Shared publiclyView activity