Shared SSH Keys Expose Phishing Infrastructure Targeting Kuwait
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
An ongoing phishing campaign targeting Kuwait's fisheries, telecommunications, and insurance sectors has been identified, utilizing over 100 domains for credential harvesting. The operation, observed since early 2025, employs cloned login portals and impersonated web pages. The infrastructure shares operational fingerprints, including reused SSH authentication keys and consistent ASN usage, allowing related assets to be linked. The campaign primarily targets the National Fishing Company of Kuwait, automotive insurance sector, and Zain telecommunications. The actors use brand-inspired domain names and transliterations rather than direct typosquatting. Mobile payment lures targeting Zain customers have also been observed, potentially enabling further social engineering attacks.
OPENCTI LABELS :
phishing,infrastructure,credential harvesting,telecommunications,insurance,domain impersonation,ssh keys,fisheries,kuwait
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
Shared SSH Keys Expose Phishing Infrastructure Targeting Kuwait