Researchers at Kaspersky have identified a phishing campaign that uses a legitimate AI-powered web hosting platform to help steal corporate login credentials.
The campaign, which has been active over the past 30 days, has involved more than 8,000 phishing emails sent in English, Korean and Russian, targeting employees across sectors including government, manufacturing and sales. The attackers used Tencent EdgeOne Pages, a web application hosting service, to create and host fraudulent login pages designed to resemble corporate systems.
According to a press release by Kaspersky, the use of trusted infrastructure made the phishing pages more difficult to detect, as victims were directed to domains associated with a legitimate service. The emails typically impersonated internal departments such as IT support or human resources, urging recipients to update account details. Once a victim entered credentials, they were transmitted to servers controlled by the attackers.
Researchers said the technique reflects a broader trend in which attackers are increasingly relying on artificial intelligence (AI) tools and low-code or no-code platforms to build phishing infrastructure more quickly and with less technical expertise.