Research by Intrinsec CTI, published in a report, highlights cybercriminals' use of the Premium Panel phishing tool in large-scale campaigns around the world. The tool operates through a control panel containing .php pages and .js scripts that collect victims and redirect them to fake pages.
The primary objective of these attacks is to gather account information through sites masquerading as well-known companies across various sectors, with a focus on banking and logistics. The attacks have impacted countries in the Western world as well as Saudi Arabia, Israel, South Africa, Taiwan, Qatar, and Guatemala. The perpetrators deploy their fraudulent pages on compromised domains, temporary hosting, or domains that mimic legitimate company brands.
Intrinsec CTI researchers have devised a methodology for tracking new domains associated with the Premium Panel by using data exposed by unprotected panels, such as Telegram tokens and identifiers. This approach helps identify the relationships between domains and threats, as well as pinpoint the industries and countries being targeted in the attacks.
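The pivoting idea described above can be sketched as a small clustering routine; this is an added example, not code from the Intrinsec CTI report. It assumes sightings have already been collected as records with hypothetical `domain`, `token` and `chat_id` fields (all sample values are constructed), and it links domains that share a Telegram bot ID or chat identifier.

```python
import re
from collections import defaultdict

# Constructed sample sightings (not from the report): one record per panel,
# holding the Telegram bot token and chat identifier it exposed.
OBSERVATIONS = [
    {"domain": "bank-login.example", "token": "1111111111:AAconstructedSECRETa", "chat_id": "-1001"},
    {"domain": "parcel-track.example", "token": "1111111111:AAconstructedSECRETa", "chat_id": "-1002"},
    {"domain": "post-fee.example", "token": "2222222222:AAconstructedSECRETb", "chat_id": "-1002"},
    {"domain": "tax-refund.example", "token": "3333333333:AAconstructedSECRETc", "chat_id": "-1003"},
    {"domain": "broken.example", "token": "not-a-token", "chat_id": ""},  # malformed sighting
]
# Telegram bot tokens have the form "<numeric bot id>:<secret>".
TOKEN_RE = re.compile(r"^(\d+):[\w-]+$")

def pivots(obs):
    """Return the indicator keys a sighting can be linked on."""
    keys = []
    m = TOKEN_RE.match(obs.get("token", ""))
    if m:
        keys.append(("bot", m.group(1)))  # keep the bot id only, never the secret
    if obs.get("chat_id"):
        keys.append(("chat", obs["chat_id"]))
    return keys

def cluster_domains(observations):
    """Group domains connected through any shared indicator (union-find)."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x
    for obs in observations:
        dom = ("domain", obs["domain"])
        find(dom)  # register domains that expose no usable indicator
        for key in pivots(obs):
            parent[find(dom)] = find(key)
    groups = defaultdict(set)
    for node in list(parent):
        if node[0] == "domain":
            groups[find(node)].add(node[1])
    # Largest clusters first, then alphabetical for stable output.
    return sorted((sorted(g) for g in groups.values()), key=lambda g: (-len(g), g))

if __name__ == "__main__":
    for group in cluster_domains(OBSERVATIONS):
        print(len(group), group)
```

Linking is transitive: two domains with different bot IDs still land in one cluster when a third sighting shares an identifier with each of them.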
Phishing continues to serve as a critical tool for cybercriminals to gain initial access, with tools like the Premium Panel making it easier for even less experienced attackers to launch mass campaigns. This trend has led to a significant surge in global cyber attacks.
The insights derived from this research not only enable companies to respond promptly to incidents but also empower them to proactively identify potential threats, bolstering their cybersecurity posture.