A cloud-based tool named Xeon Sender has enabled attackers to conduct large-scale SMS spam and phishing campaigns by leveraging legitimate software-as-a-service (SaaS) providers. Xeon Sender, first identified in 2022 and further described in an advisory by SentinelLabs today, has evolved with minimal changes despite multiple cybercriminals claiming authorship. Attribution remains open to interpretation in the context of script-based cloud attack tools where one actor can easily put their name inside a tool to replace the previous author,” said SentinelLabs researcher Alex Delamotte. “Despite many actors claiming this tool as their own, we have observed no significant deviations between known versions. This tool is notable for its ability to send bulk messages using the APIs of nine different SMS providers. Attackers using Xeon Sender require specific API keys and other credentials to interact with these services, which they often obtain from compromised accounts.