Server-Side Phishing: How Credential Theft Campaigns Are Hiding in Plain Sight

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

This analysis explores an ongoing phishing campaign targeting employee and member portals using a PHP-based phishing kit. The campaign has evolved from using client-side redirects to server-side credential validation, making detection more challenging. Multiple domains impersonating corporate login portals were identified, hosted on infrastructure linked to Chang Way Technologies Co. Limited. The phishing pages employ sophisticated tactics, including two-factor authentication bypasses and decoy content. The campaign's infrastructure and techniques suggest a persistent, possibly state-linked threat actor adapting their methods to evade detection and maintain access to enterprise environments.

OPENCTI LABELS:

server-side phishing
