Reddit NetSec

CVE Database V5

AlienVault OTX General

Reddit InfoSec News

Exploit-DB RSS Feed

ThreatFox MISP Feed

CIRCL OSINT Feed

AlienVault OTX Vulnerabilities

AlienVault OTX Malware

An ongoing phishing campaign targeting Kuwait's fisheries, telecommunications, and insurance sectors has been identified, utilizing over 100 domains for credential harvesting. The operation, observed since early 2025, employs cloned login portals and impersonated web pages. The infrastructure shares operational fingerprints, including reused SSH authentication keys and consistent ASN usage, allowing related assets to be linked. The campaign primarily targets the National Fishing Company of Kuwait, automotive insurance sector, and Zain telecommunications. The actors use brand-inspired domain names and transliterations rather than direct typosquatting. Mobile payment lures targeting Zain customers have also been observed, potentially enabling further social engineering attacks.

This ongoing phishing campaign, active since early 2025, targets critical sectors in Kuwait including fisheries, telecommunications, and insurance. The attackers operate a sophisticated infrastructure comprising over 100 domains designed for credential harvesting through cloned login portals and impersonated web pages. A notable technical characteristic of this campaign is the reuse of SSH authentication keys across multiple operational assets, which serves as a unique fingerprint linking related infrastructure components. Additionally, the campaign exhibits consistent use of specific Autonomous System Numbers (ASNs), further aiding in the attribution and tracking of the threat actors' infrastructure. The attackers employ brand-inspired domain names and transliterations rather than simple typosquatting, increasing the likelihood of deceiving targeted users. Particularly, the National Fishing Company of Kuwait, automotive insurance providers, and Zain telecommunications customers are primary targets. The campaign also includes mobile payment lures aimed at Zain customers, potentially facilitating deeper social engineering attacks and financial fraud. The combination of credential harvesting, domain impersonation, and social engineering tactics underscores a multi-faceted approach to compromise user credentials and potentially gain unauthorized access to sensitive systems. The reuse of SSH keys within the attacker infrastructure is a notable operational security lapse that allows defenders to link and potentially disrupt the campaign's infrastructure. Although no known exploits are reported in the wild, the campaign leverages multiple MITRE ATT&CK techniques such as spearphishing via service (T1566.002), domain fronting (T1586.002), and credential dumping (T1589.002), indicating a well-resourced and persistent adversary.

Detailed information about Shared SSH Keys Expose Phishing Infrastructure Targeting Kuwait. Get real-time updates, technical details, and mitigation strategies.

Title	Severity	Type	Source	Date

Threats Tagged 'domain impersonation'

Filter Threats

Threats Tagged 'domain impersonation'

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility