Kaspersky Phishing: Cybersecurity Firm Warns of Multi-Stage Email Attack on Manufacturers
Ongoing campaign targets manufacturing companies across Europe, Asia and the Middle East by stealing corporate login credentials through fake document-sharing links.

Kaspersky warns manufacturers about an ongoing multi-stage phishing campaign targeting corporate credentials.
Kaspersky Phishing researchers have uncovered an ongoing multi-stage cyberattack targeting manufacturing companies across Europe, Asia and the Middle East, with attackers attempting to steal corporate credentials through sophisticated phishing emails.
According to Kaspersky, the campaign began in April 2026 and remains active. The attackers send English-language emails posing as potential customers seeking information about products, including pricing and availability, to establish contact with employees.
If a recipient replies, the attackers send another email containing a link to what appears to be a document with product specifications. The link redirects users to a fake webpage designed to resemble a popular cloud-based PDF service.
vivo X300 FE: Pakistan Teases Compact Flagship with ZEISS Camera and Snapdragon 8 Gen 5
Victims are then asked to enter their corporate email address and password through an alleged security verification form to access the document. Kaspersky said the page is designed to steal login credentials and gain access to sensitive corporate information.
Roman Dedenok, Anti-Spam Expert at Kaspersky, said phishing campaigns are becoming increasingly sophisticated as cybercriminals adopt multi-stage attack methods to improve their chances of success.
He said attackers carefully research organisations to create convincing scenarios tailored to manufacturing companies and are increasingly using artificial intelligence to generate phishing emails and automate parts of their operations.
Kaspersky advised organisations to strengthen email security by deploying dedicated mail server protection capable of detecting phishing attempts, spam, business email compromise (BEC), malicious QR codes and other email-based threats.
The cybersecurity company also recommended using threat intelligence services to stay informed about emerging attack techniques and providing employees with regular cybersecurity awareness training to improve their ability to identify phishing attempts.
