On 15 March 2022, CrowdStrike Intelligence provided an update on FANCY BEAR credential-phishing campaigns designed to target Ukr[.]net webmail service users (CSA-220282). After the Computer Emergency Response Team of Ukraine (CERT-UA) disclosed FANCY BEAR’s infrastructure on 7 March 2022, the adversary updated its credential-phishing Tactics, Techniques, and Procedures (TTPs) by discarding the spoofed landing page it had used for the webmail service since at least August 2021 and replacing it with a newly designed version. FANCY BEAR also stopped using the webhook[.]site service in favor of Pipedream, another web service that offers similar webhook capabilities.