A new phishing kit is impersonating the Italian IT and web services provider Aruba, according to researchers at Group-IB. The kit is designed to trick users into entering their Aruba credentials, granting attackers access to sensitive accounts.
“Such a target offers significant payoff: compromising a single account can expose critical business assets, from hosted websites to domain controls and email environments,” Group-IB says.
The kit uses tried-and-true phishing tactics to target users with emails that pose as urgent notifications from Aruba.
“The attack usually begins with a classic spear-phishing lure,” the researchers write. “Victims receive an email designed to create a sense of urgency, such as a warning about an expiring service or a failed payment—tactics that Aruba itself warns its customers about. The email contains a link to one of many phishing pages that meticulously mimic the official Aruba.it webmail login portal.”
The phishing kit also has built-in features that allow it to evade detection and automate credential theft.
“Group-IB researchers dissected the phishing kit and found it to be more than a cloned web page — it is a fully automated, multi-stage platform designed for efficiency and stealth,” the researchers write. “It employs CAPTCHA filtering to evade security scans, pre-fills victim data to increase credibility, and uses Telegram bots to exfiltrate stolen credentials and payment information. Every function serves a single goal: industrial-scale credential theft.”
This kit highlights a broader trend of phishing-as-a-service tools fully automating attacks, allowing unskilled threat actors to perform sophisticated operations.
“By tracing the kit’s architecture and Telegram infrastructure, Group-IB analysts have documented how today’s phishing operators mirror legitimate SaaS businesses in structure and scale,” the researchers write. “This industrialization transforms phishing from a series of isolated scams into a sustained, automated supply chain. Understanding this shift is crucial for defenders who must now contend not with individuals, but with an ecosystem that behaves like an agile enterprise.”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
Group-IB has the story.
With KnowBe4 Defend you can:
