CyberSecurity news
FlagThis
@www.silentpush.com
//
A China-based eCrime group known as the Smishing Triad has expanded its operations, targeting users across more than 121 countries with sophisticated SMS phishing campaigns. Originally focused on impersonating toll road operators and shipping companies, the group has now pivoted to directly target customers of international financial institutions. This expansion is accompanied by a dramatic increase in their cybercrime infrastructure and support staff, signaling a significant escalation in their activities. The group's operations span a diverse range of industries, including postal, logistics, telecommunications, transportation, finance, retail, and public sectors.
The Smishing Triad's infrastructure is vast, utilizing over 8,800 unique IP addresses and stretching across more than 200 Autonomous System Numbers (ASNs). Recent data from server logs analyzed by Silent Push reveal that the group's infrastructure has been highly active, with over one million page visits logged in just 20 days. This suggests that the actual number of SMS phishing messages sent may be significantly higher than the previously estimated 100,000 per day. A large portion of the group's phishing sites are hosted by major Chinese companies, Tencent and Alibaba, indicating a strong connection to Chinese cyberspace.
The group's latest tactic involves the introduction of the "Lighthouse" phishing kit, unveiled on a Telegram channel by the developer identified as Wang Duo Yu. This kit targets numerous financial institutions, particularly in Australia and the broader Asia-Pacific region, as well as major Western financial institutions like PayPal, Mastercard, and HSBC. The Lighthouse kit boasts advanced features such as one-click setup, real-time synchronization, and mechanisms to bypass multiple layers of security like OTP, PIN, and 3DS verification, making it a formidable tool for stealing banking credentials. Smishing Triad boasts it has “300+ front desk staff worldwide” supporting the Lighthouse kit, and continues to sell its phishing kits to other threat actors via Telegram.
ImgSrc: www.silentpush.
References :
The Smishing Triad's infrastructure is vast, utilizing over 8,800 unique IP addresses and stretching across more than 200 Autonomous System Numbers (ASNs). Recent data from server logs analyzed by Silent Push reveal that the group's infrastructure has been highly active, with over one million page visits logged in just 20 days. This suggests that the actual number of SMS phishing messages sent may be significantly higher than the previously estimated 100,000 per day. A large portion of the group's phishing sites are hosted by major Chinese companies, Tencent and Alibaba, indicating a strong connection to Chinese cyberspace.
The group's latest tactic involves the introduction of the "Lighthouse" phishing kit, unveiled on a Telegram channel by the developer identified as Wang Duo Yu. This kit targets numerous financial institutions, particularly in Australia and the broader Asia-Pacific region, as well as major Western financial institutions like PayPal, Mastercard, and HSBC. The Lighthouse kit boasts advanced features such as one-click setup, real-time synchronization, and mechanisms to bypass multiple layers of security like OTP, PIN, and 3DS verification, making it a formidable tool for stealing banking credentials. Smishing Triad boasts it has “300+ front desk staff worldwide” supporting the Lighthouse kit, and continues to sell its phishing kits to other threat actors via Telegram.
ImgSrc: www.silentpush.
Share:
References :
- krebsonsecurity.com: China-based SMS Phishing Triad Pivots to Banks - Krebs on Security
- www.silentpush.com: Silent Push blog on Smishing Triad: Chinese eCrime Group Targets 121+ Countries, Intros New Banking Phishing Kit
- gbhackers.com: GBHackers article on Smishing Triad
- Cyber Security News: CyberPress report on Chinese eCrime Group Launches Global Attack to Steal Banking Credentials from Users in 120+ Countries
- securityonline.info: Smishing Triad: eCrime Group Targets 121+ Countries with Advanced Smishing
- Security Latest: Smishing Triad: The Scam Group Stealing the World’s Riches