CyberSecurity news
FlagThis - #customers
|
@www.silentpush.com
//
A China-based eCrime group known as the Smishing Triad has expanded its operations, targeting users across more than 121 countries with sophisticated SMS phishing campaigns. Originally focused on impersonating toll road operators and shipping companies, the group has now pivoted to directly target customers of international financial institutions. This expansion is accompanied by a dramatic increase in their cybercrime infrastructure and support staff, signaling a significant escalation in their activities. The group's operations span a diverse range of industries, including postal, logistics, telecommunications, transportation, finance, retail, and public sectors.
The Smishing Triad's infrastructure is vast, utilizing over 8,800 unique IP addresses and stretching across more than 200 Autonomous System Numbers (ASNs). Recent data from server logs analyzed by Silent Push reveal that the group's infrastructure has been highly active, with over one million page visits logged in just 20 days. This suggests that the actual number of SMS phishing messages sent may be significantly higher than the previously estimated 100,000 per day. A large portion of the group's phishing sites are hosted by major Chinese companies, Tencent and Alibaba, indicating a strong connection to Chinese cyberspace. The group's latest tactic involves the introduction of the "Lighthouse" phishing kit, unveiled on a Telegram channel by the developer identified as Wang Duo Yu. This kit targets numerous financial institutions, particularly in Australia and the broader Asia-Pacific region, as well as major Western financial institutions like PayPal, Mastercard, and HSBC. The Lighthouse kit boasts advanced features such as one-click setup, real-time synchronization, and mechanisms to bypass multiple layers of security like OTP, PIN, and 3DS verification, making it a formidable tool for stealing banking credentials. Smishing Triad boasts it has “300+ front desk staff worldwide” supporting the Lighthouse kit, and continues to sell its phishing kits to other threat actors via Telegram.
Share:
References :
Classification:
Aninda Chakraborty@Tech Monitor
//
Western Alliance Bank recently disclosed a data breach impacting 21,899 customers. The incident stemmed from a vulnerability in third-party secure file transfer software, highlighting the risks associated with relying on external vendors for critical operations. Attackers exploited a zero-day vulnerability to exfiltrate sensitive files from the bank's systems, prompting an internal investigation after stolen files were leaked online. The breach occurred between October 12 and October 24 of the previous year, but the vulnerability wasn't disclosed by the vendor until October 27, highlighting the time it can take to discover these issues.
The compromised data included names, Social Security numbers, dates of birth, financial account details, driver’s license numbers, tax identification numbers, and even passport information in some cases. The Clop ransomware gang has been attributed to the breach, adding Western Alliance Bank to its leak site after exploiting vulnerabilities in Cleo Harmony and related software. The bank is offering affected customers one year of credit monitoring as a precaution, while urging heightened vigilance for potential identity theft and fraud.
Share:
References :
Classification:
|