• Home
• cyber security

Kaspersky researchers have uncovered a new phishing technique targeting corporate users through the abuse of Tencent EdgeOne Pages, a legitimate AI-powered web development and hosting platform, highlighting how cybercriminals are increasingly leveraging trusted cloud services to conduct sophisticated credential theft attacks.

 

According to the cybersecurity company, attackers are exploiting the platform’s AI-assisted website creation capabilities to rapidly generate and deploy phishing pages designed to steal corporate login credentials from employees across multiple industries, including manufacturing, sales, and government organizations.

 

Kaspersky said it detected more than 8,000 phishing emails linked to the campaign over the past month alone, with messages distributed in several languages, including English, Korean, and Russian.

 

Trusted Infrastructure, Hidden Threats

 

Tencent EdgeOne Pages is designed to help users quickly build and host web applications with minimal technical expertise. However, Kaspersky researchers found that threat actors are taking advantage of the platform to create convincing phishing websites within minutes, eliminating the need for advanced web development skills.

 

Because the phishing pages are hosted on legitimate cloud infrastructure and use trusted domains, they are often perceived as safe by both users and some security tools, making detection and prevention more challenging.

 

Researchers noted that this tactic reflects a broader trend in which cybercriminals increasingly abuse legitimate online services and AI-powered development platforms to disguise malicious activity and improve the effectiveness of phishing campaigns.

 

How the Attack Works

 

The attack typically begins with an email that appears to come from a company’s IT or email support team.

 

The message warns recipients that their email credentials are about to expire—often within 48 hours—and claims that failure to update account information could result in disruptions to sending or receiving emails.

 

In other cases, attackers impersonate human resources departments or send fake notifications about documents requiring review or download.

 

When victims click the embedded link, they are redirected to a phishing page hosted through Tencent EdgeOne Pages. The site displays a simple login form requesting the user’s name, email address, and password.

 

Once the credentials are entered, the information is transmitted directly to infrastructure controlled by the attackers, potentially granting unauthorized access to corporate systems and sensitive business data.

 

AI and No-Code Platforms Lower the Barrier for Cybercriminals

 

Roman Dedenok, Anti-Spam Expert at Kaspersky, said the discovery represents another example of how cybercriminals are incorporating AI tools and no-code development platforms into their phishing operations.

 

“We are seeing a continuation of the trend in which attackers use AI and no-code platforms as part of their phishing infrastructure,” Dedenok said.

 

He noted that Kaspersky had previously observed similar campaigns exploiting the Bubble no-code platform and various Google services.

 

“While the phishing messages themselves remain relatively conventional, the attack technique significantly lowers the barrier to entry for threat actors and accelerates the creation of phishing resources. What once required at least basic web development skills can now be accomplished in minutes,” he added.

 

Recommendations for Organizations

 

In response to the growing threat, Kaspersky recommends that organizations strengthen employee awareness programs and reinforce cybersecurity best practices.

 

The company advises employees to enter corporate credentials only through verified company platforms and official portals, while encouraging organizations to deploy advanced anti-phishing technologies and robust email security controls capable of identifying suspicious messages before they reach users.

 

Kaspersky also recommends implementing threat intelligence capabilities and continuously monitoring emerging attack techniques to improve organizational resilience against evolving phishing threats.

 

The findings underscore the growing role of artificial intelligence and no-code technologies in modern cybercrime, as attackers increasingly exploit accessible digital tools to scale operations, enhance credibility, and target organizations worldwide.