The operation used a sophisticated phishing kit designed to impersonate the login and payment pages of Aruba S.p.A., stealing customer credentials and credit card details.