Kaspersky discovers new corporate phishing technique using a popular AI-powered web development platform, highlighting how cybercriminals are increasingly exploiting legitimate online services to launch sophisticated phishing attacks against businesses worldwide.
Kaspersky discovers new corporate phishing technique using AI web development platform
Global cybersecurity company Kaspersky has identified a new phishing campaign in which attackers are abusing Tencent EdgeOne Pages, a legitimate AI-powered web application hosting platform, to create convincing phishing websites designed to steal corporate login credentials.
According to Kaspersky’s latest findings, the campaign targets employees across a wide range of industries, including the industrial sector, sales organisations and government institutions. During the past 30 days alone, the cybersecurity firm detected more than 8,000 phishing emails employing this technique in English, Korean and Russian, demonstrating the growing scale of the threat.
The campaign represents another evolution in the use of AI-powered phishing infrastructure, following previous incidents where attackers leveraged trusted platforms such as Google services and Bubble, an AI-powered application builder, to distribute fraudulent login pages.
Tencent EdgeOne Pages is designed to help developers quickly build and deploy web applications with artificial intelligence. However, cybercriminals are now exploiting the platform’s ease of use to create phishing pages within minutes, requiring little or no traditional web development expertise.
One of the reasons the attack is particularly effective is that the phishing pages are hosted on Tencent’s legitimate cloud infrastructure and trusted domains. This allows fraudulent websites to appear credible not only to potential victims but also to some security solutions, making detection significantly more challenging.
In a typical attack, victims receive an email appearing to originate from their company’s email support team. The message warns that the recipient’s email account credentials will expire within 48 hours and claims that failure to update login details could disrupt email services.
Recipients are urged to click a link to verify or update their credentials. However, cybersecurity experts note that attackers frequently adapt the message to suit different scenarios. Similar phishing emails may impersonate human resources departments, document-sharing notifications or internal corporate communications to encourage employees to open malicious links.
Clicking the embedded link directs users to a professionally designed but fraudulent webpage requesting their name, corporate email address and password. The phishing page is intentionally simple, reducing distractions and encouraging users to complete the form quickly. Once the credentials are entered, they are immediately transmitted to servers controlled by the attackers.
The discovery comes at a time when cybercriminals are increasingly using artificial intelligence tools to automate and accelerate phishing operations.
Roman Dedenok, Anti-Spam Expert at Kaspersky, said the company is witnessing a continuing trend in which attackers leverage AI and no-code development platforms as part of their phishing infrastructure.
He explained that while the phishing messages themselves often use familiar social engineering tactics, the technology behind the attacks has evolved significantly. Previously, creating phishing websites required at least basic web development knowledge. Today, AI-assisted platforms enable attackers to establish convincing phishing infrastructure within minutes, substantially lowering the technical barriers to launching cyberattacks.
The discovery underscores the growing importance of employee awareness alongside technical security controls. As phishing campaigns become more sophisticated and increasingly rely on trusted cloud platforms, businesses face greater challenges in distinguishing legitimate websites from fraudulent ones.
To reduce the risk of credential theft, Kaspersky recommends that organisations educate employees to enter corporate credentials only through verified company platforms. Businesses should also deploy comprehensive security solutions capable of blocking known phishing destinations and implement advanced email security technologies that detect and filter malicious messages before they reach users.
The company further advises organisations to stay informed about evolving cyber threats and integrate current threat intelligence into their security operations. Combining employee education, layered security technologies and proactive monitoring can significantly strengthen an organisation’s resilience against modern phishing attacks.
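One way to apply these recommendations in a mail-triage step is sketched below as an added example; it is not code from Kaspersky or from the original article. It flags messages that pair a credential-expiry lure with a link to a host outside the organisation's verified sign-in platforms. The host names, the shared-hosting suffix and the sample messages are constructed placeholders.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Constructed placeholders (assumptions, not values from the article).
VERIFIED_LOGIN_HOSTS = {"mail.corp.example", "sso.corp.example"}
SHARED_HOSTING_SUFFIXES = (".pages-host.example",)  # shared domains of app-builder platforms
LURE = re.compile(r"(password|credentials?|account)\b.{0,80}\b(expir\w*|verify|update)", re.I | re.S)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def body_text(msg):
    """Concatenate the decoded text parts (plain and HTML) of a message."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)

def triage(raw_email):
    """Return (verdict, reasons) for one raw RFC 5322 message."""
    text = body_text(message_from_string(raw_email))
    hosts = {urlsplit(u).hostname or "" for u in URL.findall(text)}
    unverified = sorted(h for h in hosts if h and h not in VERIFIED_LOGIN_HOSTS)
    reasons = []
    if LURE.search(text):
        reasons.append("credential-expiry lure")
    if unverified:
        reasons.append("links to unverified host: " + ", ".join(unverified))
    if any(h.endswith(SHARED_HOSTING_SUFFIXES) for h in unverified):
        reasons.append("link host is on a shared app-hosting domain")
    verdict = "quarantine" if len(reasons) == 3 else "review" if len(reasons) == 2 else "deliver"
    return verdict, reasons

# Constructed sample messages modelled on the lure described in the article.
SAMPLE_PHISH = """\
From: Email Support <support@corp.example>
Subject: Action required
Content-Type: text/plain; charset=utf-8

Your email account credentials will expire within 48 hours.
Update your login details here: https://mail-update.pages-host.example/login
"""
SAMPLE_LEGIT = """\
From: IT Service Desk <it@corp.example>
Subject: Password reminder

Your password will expire in 5 days. Change it at https://sso.corp.example/password
"""
```

The allowlist does the real work: a reminder that links to a verified sign-in host is delivered even though its wording matches the lure, while the same wording with a link to any other host is escalated.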
As attackers continue to exploit legitimate AI-powered services to support fraudulent activities, cybersecurity experts warn that businesses must remain vigilant. The latest findings demonstrate that while artificial intelligence offers significant benefits for productivity and innovation, it is also providing cybercriminals with powerful new tools to expand the scale and sophistication of phishing campaigns.

