APT Targets NetEase 163.com Users with Fake Download Pages & Spoofed Domains
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
The GreenSpot Advanced Persistent Threat group, operating from Taiwan since 2007, is targeting users of NetEase's 163.com email service. The group employs sophisticated phishing techniques, including spoofed domains and fake download pages, to steal login credentials. Researchers identified domains mimicking 163.com services, with one hosting a malicious login page and others presenting fake large attachment download services. The campaign uses deceptive domain registrations, manipulated TLS certificates, and counterfeit interfaces to harvest credentials. While primarily focused on Chinese targets, this operation highlights the vulnerability of free email services to advanced threat actors and emphasizes the importance of enhanced security measures like multi-factor authentication.
OPENCTI LABELS:
apt, phishing, credential theft, taiwan, spoofed domains, fake download pages, 163.com, netease