Yes, but it is not just about being "more" active.
The things that grabs my attention is that they are being active at all. They could have exploited these leaks any time before.
I had zero phishing emails before, they kept them dormant for 4/5 years and they suddenly exploiting both userbases at the same time.