216.73.217.22

Shared SSH Keys Expose Phishing Infrastructure Targeting Kuwait

· Published 16/05/2025 16:33 · Modified 21/05/2025 20:56

Export JSON

Essential information

Published
16/05/2025 16:33
Modified
21/05/2025 20:56
Tags
2025-05-16 credential harvesting domain impersonation fisheries infrastructure insurance kuwait phishing ssh keys telecommunications
Related entities
77 observables, 8 techniques (mitre), 4 others

Description

An ongoing campaign targeting 's , , and sectors has been identified, utilizing over 100 domains for . The operation, observed since early 2025, employs cloned login portals and impersonated web pages. The shares operational fingerprints, including reused SSH authentication keys and consistent ASN usage, allowing related assets to be linked. The campaign primarily targets the National Fishing Company of , automotive sector, and Zain . The actors use brand-inspired domain names and transliterations rather than direct typosquatting. Mobile payment lures targeting Zain customers have also been observed, potentially enabling further social engineering attacks.

Related entities

Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.

Observables (77)

  • 89.208.97.251
  • 89.208.113.34
  • 89.208.113.172
  • 78.153.136.29
  • 77.221.153.225
  • 77.221.152.224
  • 46.226.167.145
  • 150.241.93.231
  • 138.124.92.70
  • 138.124.78.35
  • 138.124.58.18
  • 134.124.92.70
  • 109.120.178.145
  • 91.108.240.137
  • 77.221.152.232
  • dl5.xvipx.top
  • zain-kw.pro
  • wtanaya.com
  • wattanuea.com
  • watnnia.com
  • watanyafish.com
  • watenya.com
  • watanyaa10.com
  • watanya2.com
  • watanuya1.com
  • watanuia01.com
  • watanuia.com
  • wataniax.pro
  • wataniaa9.com
  • wataniaa10.com
  • watania01.com
  • tamienz.pro
  • tamcar.pro
  • tameeeny.com
  • syarati.pro
  • nfcq8.com
  • mothedaa.live
  • mothada.pro
  • motahidda2.com
  • motahida2.com
  • motaheda01.com
  • megamail.pw
  • malware.name
  • ilwatanea.com
  • elwattanya1.com
  • elwattanuia.com
  • elwataniaa8.com
  • el-watnneya.com
  • delmoon9.com
  • delmoon5.com
  • delmone9.com
  • delmone11.com
  • delmona5.com
  • dalmonfishy.com
  • dalmonfishs.com
  • dalmon-fishs.com
  • dallmonfish.com
  • dalmon-bh.com
  • awatanaia.com
  • alwtania2.com
  • alwtaneya1.com
  • alwattnya.com
  • alwattny.com
  • alwattnia.com
  • alwattanya.com
  • alwatnnia.com
  • alwatenia4.com
  • alwatanya2.com
  • alwatanniya.com
  • alwataniaa8.com
  • almotheda.com
  • almotahida1.com
  • al-watnya.com
  • al-watanyia.com
  • al-watanyea.com
  • dbe1065a0caaa2d1d89001b505ac1a00c5aee6202225b9897580c3c148ea2537
  • 000e6797a0d6571bf2b4e77f86b1e68c61d23f0369b6a5e96682a9d84b4cbef9

Techniques (MITRE) (8)

Others (4)

  • Kuwait
  • Bahrain
  • Finance
  • Telecommunications

External references