Why would they steal credentials when governments already have fake accounts for this exact purpose (see UK’s JTRIG from the Snowden documents)

… you also have to remember that the JTRIG leaked docs were about a decade before LLMs, so you could imagine tooling these days is 100x a they used to have