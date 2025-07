DUBAI, DUBAI, UNITED ARAB EMIRATES, July 23, 2025 /EINPresswire.com/ -- ANY.RUN, a leading provider of threat analysis and intelligence, has released a detailed case study on phishing attacks exploiting DHL branding. The research uncovers crucial insights into early detection of supply chain attacks and offers practical steps for businesses to identify such threats.

๐ƒ๐‡๐‹ ๐’๐ฉ๐จ๐จ๐Ÿ๐ข๐ง๐ ๐€๐ญ๐ญ๐š๐œ๐ค ๐€๐ ๐š๐ข๐ง๐ฌ๐ญ ๐„๐ง๐ž๐ซ๐ ๐ฒ ๐ˆ๐ง๐๐ฎ๐ฌ๐ญ๐ซ๐ฒ ๐†๐ข๐š๐ง๐ญ

In an attack investigated by the team at ANY.RUN, threat actors impersonating DHL targeted Meralco, a major utility company in the Philippines, with deceptive emails designed to steal credentials.

โ— ๐Œ๐š๐ฅ๐ข๐œ๐ข๐จ๐ฎ๐ฌ ๐€๐ญ๐ญ๐š๐œ๐ก๐ฆ๐ž๐ง๐ญ ๐“๐š๐œ๐ญ๐ข๐œ๐ฌ: The email contained a file posing as a shipping invoice. When opened, it displayed a fake DHL-styled login page, prompting the user to enter credentials.

โ— ๐‚๐ซ๐ž๐๐ž๐ง๐ญ๐ข๐š๐ฅ ๐„๐ฑ๐Ÿ๐ข๐ฅ๐ญ๐ซ๐š๐ญ๐ข๐จ๐ง ๐ฏ๐ข๐š ๐“๐ก๐ข๐ซ๐-๐๐š๐ซ๐ญ๐ฒ ๐’๐ž๐ซ๐ฏ๐ข๐œ๐ž: The login form sent entered data to a legitimate online form handler abused to collect stolen credentials.

โ— ๐‘๐ž๐ฎ๐ฌ๐ž๐ ๐ˆ๐ง๐Ÿ๐ซ๐š๐ฌ๐ญ๐ซ๐ฎ๐œ๐ญ๐ฎ๐ซ๐ž ๐€๐œ๐ซ๐จ๐ฌ๐ฌ ๐‚๐š๐ฆ๐ฉ๐š๐ข๐ ๐ง๐ฌ: Historical analysis found over 200 phishing samples leveraging the form handling service.

This case study highlights the technical methods used in modern supply chain phishing campaigns, from impersonation and infrastructure abuse to payload delivery and credential capture, and offers valuable indicators of compromise (IOCs) for defenders.

๐‡๐จ๐ฐ ๐๐ฎ๐ฌ๐ข๐ง๐ž๐ฌ๐ฌ ๐”๐ฌ๐ž ๐€๐๐˜.๐‘๐”๐ ๐ญ๐จ ๐ƒ๐ž๐ญ๐ž๐œ๐ญ ๐’๐ฎ๐ฉ๐ฉ๐ฅ๐ฒ ๐‚๐ก๐š๐ข๐ง ๐€๐ญ๐ญ๐š๐œ๐ค๐ฌ ๐„๐š๐ซ๐ฅ๐ฒ

Businesses utilizing ANY.RUN's solutions gain a significant edge in identifying and mitigating supply chain attacks, ensuring robust defense against cyber threats.

By safely interacting with suspicious emails, files, and URLs in a controlled sandbox environment, businesses can instantly identify and understand malware and phishing, ensuring they donโ€™t spread further.

With access to TI Lookupโ€™s searchable database of recent threats, businesses can swiftly verify if artifacts in alerts are linked to specific attacks, enabling rapid response and strengthened security measures.

๐€๐›๐จ๐ฎ๐ญ ๐€๐๐˜.๐‘๐”๐

ANY.RUN is an interactive malware analysis and threat intelligence provider trusted by SOCs, CERTs, MSSPs, and cybersecurity researchers. The companyโ€™s solutions are leveraged by 15,000 corporate security teams for incident investigations worldwide.

With real-time visibility into malware behavior, a focus on real-time interaction and actionable intelligence, ANY.RUN accelerates incident response, supports in-depth research, and helps defenders stay ahead of evolving threats.

