According to Netcraft report, hackers managed to break into the sub-domain by exploiting vulnerabilities in the outdated version of web calendar application.
The Web Calendar version 1.2.0 has a critical vulnerability that allows attacker to run arbitrary code.
The phishing page tricks users into handing over their login credentials for the Apple website. After entering the Apple ID and password, it will display second form which asks to victim to enter card details, name, birth date, phone number and few other details. Like the usual phishing pages, once victim submit the details, he will be redirected to legitimate apple site.
Netcraft says the hacker might also have gained access to the internal servers and other information.
"In this case, the hacker has managed to install and execute arbitrary PHP scripts on the EA server, so it is likely that he can at least also view the contents of the calendar and some of the source code and other data present on the server." The blog post reads.