Kaspersky Reveals New Phishing Technique

Kaspersky Reveals New Phishing Technique - Digital Media Engineering

The Rise of Cloud Platform Abuse in Phishing Campaigns

Cybercriminals have shifted their tactics to leverage popular cloud platforms, making phishing attacks more convincing, scalable, and harder to block. Kaspersky researchers recently identified a disturbing trend: attackers using Tencent EdgeOne Pages, a cloud-based web application hosting service, to build and distribute highly credible phishing pages.


Understanding Tencent EdgeOne and Its Appeal to Attackers

Tencent EdgeOne Pages is a legitimate service that lets users rapidly design, launch, and host web applications without extensive coding knowledge. Its ease of use and fast deployment make it equally attractive to malicious actors. By abusing the platform as an ordinary customer would use it, attackers can spin up as many convincing fake login pages as they need, on infrastructure that reputation-based filters generally trust.

How Attackers Abuse Cloud Platforms for Phishing

Cybercriminals follow a repeatable approach when deploying phishing campaigns through cloud platforms like Tencent EdgeOne Pages:

  1. Creating Phishing Pages: Attackers deploy fake login pages mimicking reputable organizations (banks, email services, social media platforms) inside the cloud hosting environment.
  2. Using Trusted Domains: The pages sit on domains that carry credibility, either the hosting platform's own namespace or newly registered lookalike domains, which raises the chance that users trust the link.
  3. Rapid Deployment: Thanks to drag-and-drop features and no-code tooling, scammers can generate hundreds of phishing sites within minutes, and redeploy just as quickly after a takedown.
  4. Concealed Infrastructure: Because these pages share IP space and domain reputation with the platform's legitimate customers, blocking by IP or domain risks collateral damage, so blocklists lag and the phishing sites remain operational longer.

How Cybercriminals Trick Users into Giving Away Credentials

The phishing process begins with a realistic email that appears to originate from a trusted source, such as the company's IT support or the user's bank. These messages typically claim that the user's account needs urgent verification or an update because of suspicious activity. They carry a convincing call-to-action link that directs users to the fake site hosted on the cloud platform.

Step-by-Step Breakdown of a Typical Phishing Attack

Step 1: Crafting the Fake Email
Attackers design personalized emails with authentic branding, incorporating elements like logos, corporate language, and sender addresses that mimic official communications.
Step 2: Inserting the Malicious Link
The email includes a link that appears legitimate but redirects to a phishing webpage hosted on Tencent EdgeOne’s infrastructure.
Step 3: Victim Interaction
When the recipient clicks the link, they are taken to a page that looks identical to the real login portal, encouraging them to enter their credentials.
Step 4: Credential Harvesting
Data entered by the user is directly transmitted to cybercriminals, who then use or sell this sensitive information.

The Impact of Cloud-based Phishing Attacks

Abusing cloud platforms like Tencent EdgeOne Pages gives cybercriminals several advantages:

  • Scalability: Attackers can run thousands of phishing sites simultaneously, worldwide.
  • Resilience: Taking down one page does not affect the others, and a removed page can be redeployed within minutes.
  • Credibility: Fake login pages served from trusted infrastructure are more likely to be clicked and filled in.
  • Stealth: Abuse of a legitimate cloud service is hard to separate from legitimate traffic, so traditional reputation-based security tools struggle to detect it.

How Organizations Can Protect Themselves

To defend against these attacks, companies should implement layered security measures:

  • Employee Education: Regular training on recognizing phishing emails, especially those requesting sensitive data or urgent action.
  • Advanced Email Filtering: Deploy solutions that inspect links and content for social-engineering patterns rather than relying only on sender reputation, since the hosting platform itself has a good reputation.
  • Domain and URL Monitoring: Monitor for lookalike domains and for links whose visible text points at your brand while the actual destination is a page on a bulk hosting platform.
  • Threat Intelligence Integration: Incorporate real-time threat feeds to stay current on emerging techniques and on the specific hosting namespaces being abused.
  • Multi-Factor Authentication (MFA): Enforce MFA on every account so a harvested password alone is not enough. Prefer phishing-resistant methods such as FIDO2/WebAuthn, because one-time codes typed into a fake login page can be relayed to the real site by the attacker.
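The "Domain and URL Monitoring" point above can be turned into a concrete check on inbound mail. The following is an added example written for this article; it is not code from Kaspersky, Tencent, or the original page. It parses the HTML body of an email, extracts every link, and flags three indicators described in the article: a link whose visible text shows one domain while the href points elsewhere, a destination hosted on a watchlisted bulk-hosting namespace, and a hostname that embeds a protected brand name on a foreign domain. The hosting suffixes, the protected brands, and the sample email are all constructed placeholders (the real EdgeOne Pages namespace is not taken from the page, so fill the watchlist from your own threat-intel feed).

```python
"""Flag phishing-link indicators in an email body.

Added example for this article; not Kaspersky's or Tencent's code.
All suffixes, brands and the sample email below are constructed.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# ASSUMPTION: placeholder hosting namespaces. Replace with the platform
# subdomains your threat intelligence identifies as abused for phishing.
HOSTING_SUFFIXES = ("pages.example-host.test", "sites.example-cdn.test")

# ASSUMPTION: brands this organisation expects its users to log in to.
PROTECTED_DOMAINS = ("examplebank.com", "examplepay.com")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased hostname of a URL, or '' for mailto:/relative links."""
    return (urlsplit(url).hostname or "").lower()


def registrable(host):
    """Crude eTLD+1 (last two labels). Use a public-suffix library in production."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def analyse_link(href, text):
    """Return a list of indicator names for one link; empty means nothing suspicious."""
    findings = []
    host = host_of(href)
    if not host:
        return findings

    # Indicator 1: destination sits on a watchlisted bulk-hosting namespace.
    if any(host == s or host.endswith("." + s) for s in HOSTING_SUFFIXES):
        findings.append("hosted-on-watchlisted-platform")

    # Indicator 2: the visible text shows a domain that differs from the real one.
    match = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
    if match and registrable(match.group(1)) != registrable(host):
        findings.append("display-text-host-mismatch")

    # Indicator 3: a protected brand name appears inside a foreign hostname.
    for brand in PROTECTED_DOMAINS:
        label = brand.split(".")[0]
        if registrable(host) != brand and label in host:
            findings.append(f"lookalike-of-{brand}")
    return findings


def scan_email_html(html):
    """Return [(href, findings)] for every link that triggered at least one indicator."""
    parser = LinkExtractor()
    parser.feed(html)
    results = []
    for href, text in parser.links:
        findings = analyse_link(href, text)
        if findings:
            results.append((href, findings))
    return results


# Constructed sample: one phishing link with mismatched display text, one benign link.
SAMPLE_EMAIL = """<p>Dear customer, suspicious activity was detected on your account.</p>
<p>Please verify at <a href="https://examplebank-secure-login.pages.example-host.test/verify">https://www.examplebank.com/verify</a> within 24 hours.</p>
<p>Questions? Visit <a href="https://www.examplebank.com/help">our help centre</a>.</p>"""

if __name__ == "__main__":
    for href, findings in scan_email_html(SAMPLE_EMAIL):
        print(href, "->", ", ".join(findings))
```

Running the script on the constructed sample flags only the first link, with all three indicators. The display-text check is the one that matters most here: a well-made phishing page on a reputable host passes reputation filters, but an anchor whose text says examplebank.com while the href resolves to a hosting-platform subdomain is a signal that does not depend on the platform's reputation at all.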

Future Outlook: Beyond Tencent EdgeOne

This abuse of cloud hosting services is unlikely to slow down. Cybercriminals are increasingly adopting no-code and AI-driven tools to deploy malicious content faster and at larger scale. Organizations should therefore expect the abused platform to change and adapt their defenses accordingly, focusing on behavioral analytics and proactive threat hunting rather than relying solely on reactive, reputation-based tools.
