A recent digital spying operation targeted at the Tibetan community once again revealed just how little it takes for attackers to mount an effective malicious campaign these days. Researchers at the University of Toronto’s Citizen Lab were able to gain an inside view of the phishing campaign by taking advantage of some sloppy mistakes by the operator. They estimated that during the operation was active, the attackers likely spent a mere $1,068 on infrastructure costs: $878 for domain registration and $190 for renting servers. The sloppiness of the campaign suggests the threat actors were operating with little fear of getting caught.”]