Kaspersky Warns of Multi-Stage Phishing Attack Targeting Manufacturers Across Europe, Asia and Middle East

Kaspersky Warns of Multi-Stage Phishing Attack Targeting Manufacturers Across Europe, Asia and Middle East

ISLAMABAD: Cybersecurity firm Kaspersky says it has identified an ongoing phishing campaign targeting manufacturing companies across Europe, Asia and the Middle East through fake business inquiries designed to steal corporate login credentials.

The campaign, active since April 2026, begins with English-language emails that appear to come from prospective customers asking about product prices, availability or technical specifications.

According to Kaspersky, the attackers avoid sending a suspicious link in the initial message. Instead, they first engage employees in a business conversation to make the inquiry appear genuine.

If the recipient replies, the attackers later send a link claiming to contain product specifications or other documents relevant to the discussion.

Fake PDF Platform Collects Corporate Passwords

The link directs users to a fraudulent webpage designed to resemble a popular cloud-based service used for viewing or sharing PDF files.

Victims are then asked to enter their corporate email address and password through an authorization form, supposedly to confirm their identity and prevent unauthorized access to the document.

Kaspersky said the page is controlled by the attackers and is intended to capture company login details.

Compromised credentials could allow criminals to access corporate email accounts, internal communications and sensitive business information.

Attackers Build Trust Before Sending Malicious Links

Kaspersky anti-spam expert Roman Dedenok said cybercriminals are increasingly using longer, multi-stage phishing operations because they can appear more credible than traditional attacks.

He said attackers often study targeted companies and prepare messages that reflect the way manufacturing businesses handle customer inquiries and technical documents.

Dedenok added that artificial intelligence tools may be used to improve phishing emails or automate parts of the attack process.

Manufacturing Employees Urged to Verify Requests

Kaspersky advised companies to strengthen email protection and train employees to identify suspicious business correspondence.

Staff should verify unfamiliar customers before opening document links and should avoid entering work passwords on pages reached through unsolicited emails.

Companies were also advised to monitor emerging cyberattack methods and use security tools capable of detecting phishing, malicious messages, business email compromise and other email-based threats.

Kaspersky said the campaign was still active when its warning was issued.

Scroll to Top