216.73.217.139

APT Targets NetEase 163.com Users with Fake Download Pages & Spoofed Domains

· Published 05/02/2025 00:14 · Modified 05/02/2025 11:17

Export JSON

Essential information

Published
05/02/2025 00:14
Modified
05/02/2025 11:17
Tags
163.com 2025-02-05 apt credential-theft fake download pages netease phishing spoofed domains taiwan
Related entities
9 observables, 1 intrusion sets (apt), 10 techniques (mitre), 4 others

Description

The GreenSpot Advanced Persistent Threat group, operating from since 2007, is targeting users of 's email service. The group employs sophisticated techniques, including and , to steal login credentials. Researchers identified domains mimicking services, with one hosting a malicious login page and others presenting fake large attachment download services. The campaign uses deceptive domain registrations, manipulated TLS certificates, and counterfeit interfaces to harvest credentials. While primarily focused on Chinese targets, this operation highlights the vulnerability of free email services to advanced threat actors and emphasizes the importance of enhanced security measures like multi-factor authentication.

External references