Eggcop

A 2.9 GB Telegram exfiltration archive places 845 credential-theft packages and the operators themselves in Ho Chi Minh City. The cluster operates a corporate front, eggcop.com, with eight identified staff mailboxes and one strongly attributed individual operator.

The Vietnamese-aligned cluster I track as EGGCOP has pivoted. The LinkedIn approach is now joined by a second vector working through industry conference registration channels. The defensive read has shifted.