Web services giant Aruba spoofed in major phishing scam - here's what to look out for to stay safe
Group-IB found a highly sophisticated phishing kit targeting Aruba users
- Cybercriminals spoofed Aruba using a stealthy, automated phishing framework with CAPTCHA and Telegram bots
- Phishing pages mimicked Aruba’s webmail portal, stealing credentials via fake service alerts
- Aruba’s large user base made it a high-value target for industrial-scale credential theft
Security researchers at Group-IB have published details of a new scam targeting Aruba users, which turned out to be part of a “sophisticated phishing framework”.
The team found cybercriminals had created a “fully automated, multi-stage platform” providing both efficiency and stealth: it employs CAPTCHA filtering to evade security scans, pre-fills victim data to increase credibility, and uses Telegram bots to exfiltrate stolen credentials and payment information.
The goal of the phishing kit is to achieve “industrial-scale credential theft”, Group-IB said, adding that it “drastically lowers” the technical barrier to entry, and enables less skilled actors to launch convincing campaigns at scale, and virtually overnight.
Targeting Aruba
The modus operandi here is rather usual - the attack starts with a carefully crafted email, warning users about an expiring service or a failed payment. These themes were chosen because Aruba itself often warns its customers about them, albeit without the dramatic sense of urgency the phishing emails come with.
The messages come with a link to “one of many” phishing pages that “meticulously mimic” the official Aruba.it webmail login portal, Group-IB added. Victims who do not spot the ruse and try to log in end up relaying their credentials to the attackers via Telegram; the attackers can later either use them or sell them on the dark web.
Aruba was chosen because it is “deeply embedded in Italy’s digital infrastructure,” Group-IB stressed, adding that it is currently serving more than 5.4 million customers.
“Such a target offers significant payoff: compromising a single account can expose critical business assets, from hosted websites to domain controls and email environments,” the researchers concluded.
Defending against phishing attacks remains simple - think before you click, keep your software updated, and run a strong endpoint protection solution.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.