Researchers at Cyjax describe a large phishing campaign being run by a China-based financially motivated threat actor called “Fangxiao.” The threat actor has been active since at least 2017, and has used more than 42,000 domains in its phishing operations.