Global Phishing Campaign Compromises 2,300 Websites, Highlights New Cybercrime Trends

June 2, 2025
  • On June 2, 2025, CyberCX, an Australian online security firm, revealed a year-long phishing campaign that has compromised over 2,300 business websites globally, including 79 in Australia.

  • The report, titled DarkEngine, identified at least 2,353 compromised websites from various countries, including Australia, the UK, and Canada.

  • Katherine Mansted, CyberCX's intelligence director, noted that the criminals behind this operation are highly motivated by financial gain and aim to steal as many credentials as possible.

  • The campaign highlights a troubling trend, as stolen credentials have now surpassed email phishing as the leading cause of online attacks, indicating a professionalization of the cybercrime ecosystem.

  • Criminals employed 'search engine optimisation poisoning' to distribute hacked versions of a popular website management tool, which facilitated the installation of malicious code.

  • The malicious code included fake CAPTCHA features designed to deceive users and gather personal information.

  • Website visitors are advised to critically assess CAPTCHA features that appear unprofessional or request unusual actions, such as entering code into a command prompt.

  • Individuals potentially affected by the campaign are urged to change their passwords, use password managers, and enable multifactor authentication.

  • In April 2025, stolen passwords from this campaign were linked to a significant theft of $750,000 from 10 AustralianSuper accounts, as confirmed by National Cyber Security Coordinator Lieutenant General Michelle McGuinness.

  • The targeted Australian businesses include a children's education provider and three strip clubs, showcasing the campaign's broad range.

  • This extensive phishing campaign underscores the need for heightened vigilance among consumers while navigating websites.

  • Mansted described the evolution of cybercrime as a professionalisation and industrialisation of the ecosystem, suggesting an increase in such campaigns.

Summary based on 2 sources

