> Is spoofing an email and sending a PDF/Office exploit really considered sophisticated?
Generically, no, but the details can vary widely. If the email looks exactly like an internal email, and appears to come "from" someone the target knows, and the content references processes, info, or idioms common to that company or person, then that would be pretty darn sophisticated. Not technologically (an email is an email, after all), but socially.
From the technology side, the specifics of the exploit, and what the malware tries to do in the PC/network after the spear phish succeeds, can also indicate varying levels of sophistication. If the spear phish contained a zero-day OS exploit (previously unknown vulnerability), that would be pretty darn sophisticated.
I have no knowledge of the particulars of Gemalto--just speaking generally about how a spear phish attempt might be evaluated.
Generically, no, but the details can vary widely. If the email looks exactly like an internal email, and appears to come "from" someone the target knows, and the content references processes, info, or idioms common to that company or person, then that would be pretty darn sophisticated. Not technologically (an email is an email, after all), but socially.
From the technology side, the specifics of the exploit, and what the malware tries to do in the PC/network after the spear phish succeeds, can also indicate varying levels of sophistication. If the spear phish contained a zero-day OS exploit (previously unknown vulnerability), that would be pretty darn sophisticated.
I have no knowledge of the particulars of Gemalto--just speaking generally about how a spear phish attempt might be evaluated.