Kaspersky Uncovers New AI-Powered Corporate Phishing Technique

Kaspersky researchers have identified a phishing campaign that abuses Tencent EdgeOne Pages, a legitimate AI-powered web application hosting platform, to steal corporate login credentials. Over the past 30 days, more than 8,000 phishing emails in English, Korean, and Russian have targeted employees across industries, including government, sales, and manufacturing. Attackers use trusted EdgeOne domains to host convincing phishing pages, making detection more difficult. Victims receive emails posing as IT support, HR, or other corporate departments and are urged to update account information. Once users enter their credentials on fake login pages, the data is transmitted directly to attacker-controlled servers.

"We are seeing a continuation of the trend in which attackers use AI and no-code platforms as part of their phishing infrastructure. We've previously observed a similar scheme using the Bubble platform, and here we have yet another example. While the communication used in these phishing attacks is typical and has been used before multiple times, the attack technique itself significantly lowers the barrier to entry for attackers and accelerates the creation of phishing resources. Previously this required at least basic web development skills, but now an infrastructure for fraudulent emails can be created in minutes," comments Roman Dedenok, Anti-Spam Expert at Kaspersky.

To reduce the risk of phishing attacks, Kaspersky advises organizations to educate employees about entering credentials only on verified company platforms, deploy strong security solutions to block malicious websites, implement advanced email anti-phishing protections, and continuously monitor evolving cyber threats through up-to-date threat intelligence and security operations.