Technological Advancements

Kaspersky phishing attack targets global manufacturers

Kaspersky phishing attack has uncovered a sophisticated multi-stage cyber campaign targeting manufacturing facilities across Europe, Asia and the Middle East, with attackers attempting to steal sensitive corporate credentials through carefully crafted phishing emails.


Kaspersky phishing attack reveals sophisticated credential theft campaign targeting factories


Cybersecurity researchers at Kaspersky say the ongoing campaign, first detected in April 2026, demonstrates how cybercriminals are increasingly using more advanced and convincing phishing techniques to compromise businesses. The attacks have affected manufacturing organizations in countries including Malaysia, Egypt, the Czech Republic and Russia.

The campaign begins with attackers posing as potential customers seeking information about industrial products. Victims receive professionally written emails in English requesting details such as product pricing, technical specifications or availability. The messages are designed to appear legitimate and relevant to the recipient’s business operations, increasing the likelihood of engagement.

Rather than immediately attempting to steal credentials, the attackers employ a staged approach. Once a company representative responds to the inquiry, the cybercriminals continue the conversation before sending a link that supposedly contains product technical specifications. In some cases, the link is shared immediately in a follow-up email, while in others it is delivered after further exchanges to strengthen the appearance of authenticity.

When recipients click the provided link, they are redirected to a phishing page that closely resembles a widely used cloud-based PDF document service. The page appears convincing and presents what looks like a legitimate request to access technical documentation.

Users are then taken to an authorization form asking them to enter their corporate email address and password. The page claims the login process is required for security purposes and to prevent unauthorized access to confidential files. In reality, the form is designed solely to capture corporate credentials, allowing attackers to gain unauthorized access to company systems and sensitive business information.

According to Kaspersky, the attack reflects the growing sophistication of spear phishing operations targeting businesses. Instead of relying on mass email campaigns with generic messages, attackers are investing time in researching organizations, understanding industry-specific workflows and creating realistic scenarios that match everyday business communications.

Roman Dedenok, Anti-Spam Expert at Kaspersky, noted that spear phishing campaigns are becoming increasingly complex because attackers recognize that multi-stage attacks significantly improve their chances of success. He added that threat actors often study their intended targets carefully and may also leverage artificial intelligence tools to generate convincing phishing emails or automate parts of the attack process.

The findings highlight the growing importance of manufacturing cybersecurity as industrial companies continue expanding their digital operations and online communications with suppliers and customers. Manufacturing organizations often exchange technical documentation, quotations and product specifications electronically, making them attractive targets for phishing campaigns that imitate routine commercial interactions.

Kaspersky advises organizations to strengthen their defenses through multiple layers of protection rather than relying solely on employee vigilance. The company recommends deploying dedicated email security solutions capable of detecting phishing attempts, spam, business email compromise (BEC), malicious QR code attacks and other email-based threats before they reach employees’ inboxes.

The cybersecurity firm also encourages businesses to provide security teams with up-to-date threat intelligence so they remain informed about the latest tactics, techniques and procedures used by cybercriminals. Access to current intelligence enables organizations to respond more effectively to evolving attack methods.

Employee awareness remains another critical element of defense. Regular cybersecurity training can help staff recognize suspicious emails, identify fraudulent login pages and verify requests before sharing sensitive information. Strengthening corporate email security through continuous awareness programmes and practical phishing simulations can significantly reduce the likelihood of successful credential theft.

As phishing attacks continue to evolve in complexity, cybersecurity experts warn that organizations should expect increasingly targeted campaigns designed to exploit normal business communications. For manufacturers, maintaining robust email protection, employee awareness and proactive threat monitoring will remain essential to defending against sophisticated attacks like the Kaspersky phishing attack.