The Reveal Platform
Intel Name: Uncovering a multi-stage phishing kit targeting italy’s infrastructure
Date of Scan: November 19, 2025
Impact: Medium
Summary: A highly automated, multi-stage phishing kit has been uncovered impersonating the major Italian IT provider Aruba S.p.A., a company central to Italy’s digital infrastructure. The kit uses CAPTCHA filtering, data pre-filling, and Telegram-based exfiltration to steal credentials and payment information efficiently and stealthily. Its design reflects the broader rise of phishing-as-a-service (PhaaS), where phishing tools are built and operated like commercial SaaS products. This industrialization makes modern phishing campaigns more scalable, convincing, and difficult to detect—transforming them into a full-fledged criminal supply chain rather than isolated scams.
