CyberSecurity news

FlagThis - #credentialtheft

@cyble.com //

LogoKit Used for Phishing Government, Banking, Logistics

Cyble threat intelligence researchers have uncovered a global phishing campaign leveraging the LogoKit phishing kit. This sophisticated kit is being used to target government, banking, and logistics sectors. The initial discovery stemmed from a phishing link mimicking the Hungary CERT login page, highlighting the campaign's ability to impersonate legitimate websites to steal credentials.

The LogoKit is designed to enhance credibility and increase the likelihood of successful credential theft. The phishing attacks often embed the victim's email address in the URL, pre-filling the username field on the spoofed login page. This personalized approach, combined with the kit's ability to dynamically generate convincing phishing pages, makes it a potent threat. CRIL analyzes show that the kit uses brand assets from Clearbit and Google Favicon to create realistic-looking login pages.

These phishing campaigns are part of a larger trend of surging identity attacks. Reports indicate a significant increase in cyberattacks targeting user logins. Cybercriminals are increasingly turning to sophisticated phishing-as-a-service platforms to conduct BEC schemes and ransomware disasters. Organizations should implement strong DNS security measures to protect against such threats.

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • thecyberexpress.com: Cyble threat intelligence researchers identified a phishing campaign aimed at Hungarian government targets that further investigation revealed was connected to wider global attack campaigns targeting the banking and logistics sectors.
  • cyble.com: The initial phishing link we identified mimicked the Hungary CERT login page, with the victim's email address prefilled in the username field to enhance credibility and increase the likelihood of credential submission.
  • The Register - Security: Phishing platforms, infostealers blamed as identity attacks soar
  • cyble.com: Cyble's blog post on the LogoKit phishing campaign being leveraged for credential theft.
  • Security Risk Advisors: 🚩 Active LogoKit Phishing Campaign Harvests Credentials Through Automated Brand Impersonation on Cloud Infrastructure
Classification:
  • HashTags: #Phishing #LogoKit #CredentialTheft
  • Company: Cyble
  • Target: Government, Banking, Logistics
  • Product: LogoKit
  • Feature: Credential harvesting
  • Malware: LogoKit
  • Type: Phishing
  • Severity: Major

Posts

Blogs

Research Tools