This presentation investigates the infrastructure of a Phishing-as-a-Service (PhaaS) operation, focusing on the significant Chinese underground phishing ecosystem. China has emerged as a key player in the global phishing landscape, with several active PhaaS platforms such as Magic-cat (Darcula), LightHouse, or Panda Shop. These services offer streamlined methods for novice phishers to embark on their phishing careers. Since November 2024, our research has focused on an active PhaaS operator that has developed numerous phishing kits for various services worldwide. We have unveiled a sophisticated PhaaS infrastructure that employs open-source software and a Docker-based management system for deploying phishing kits. Furthermore, the operator customizes phishing kits, allowing for targeted attacks, including synchronized phishing techniques designed to bypass multi-factor authentication and collect credit card information. Through victimology research, we analyzed over 40 distinct phishing kits, revealing significant trends in targeting patterns and the phishing kit development cycle dynamics during the PhaaS's active period. Additionally, this research provided valuable insights into the infrastructure and the backgrounds of the individuals involved. By profiling the operators' dual roles as administrators and developers of PhaaS, we have enhanced the understanding of China's competitive and evolving underground phishing ecosystem. To address the growing threat of phishing, we propose a set of strategies for effectively monitoring phishing campaigns and mitigating the impact of the escalating incidents of fraud.