In an era where cyber threats continually evolve, understanding sophisticated phishing operations is crucial for developing robust defense strategies. This presentation delves into a detailed analysis of a global phishing campaign that began in May 2022, illustrating the layers of a large-scale operation that impersonated over 340 legitimate companies worldwide through 800 different scam domains. This campaign, orchestrated by Russian actors under the guise of Ukrainian identity, leveraged high-quality single-page applications to create dynamically convincing counterfeit websites in 48 different languages, deceiving users and capturing sensitive information, including bank and credit card details.
Our investigation reveals the campaign’s clever use of social engineering, in particular human interaction, to target victims. We will discuss our methods for reverse-engineering the attack infrastructure, including the analysis of JavaScript code and phishing site dynamics, which unveiled the scam’s modular nature and its capability to impersonate a vast array of corporate entities across various sectors.