"The threat actors behind a large-scale, ongoing smishing campaign have been attributed to more than 194,000 malicious domains since January 1, 2024, targeting a broad range of services across the world, according to new findings from Palo Alto Networks Unit 42. "Although these domains are registered through a Hong Kong-based registrar and use Chinese nameservers, the attack infrastructure is primarily hosted on popular U.S. cloud services," security researchers Reethika Ramesh, Zhanhao Chen, Daiping Liu, Chi-Wei Liu, Shehroze Farooqi, and Moe Ghasemisharif said."
"In a report published earlier this week, Fortra said phishing kits associated with the Smishing Triad are being used to increasingly target brokerage accounts to obtain banking credentials and authentication codes, with attacks targeting these accounts witnessing a fivefold jump in the second quarter of 2025 compared to the same period last year. "Once compromised, attackers manipulate stock market prices using 'ramp and dump' tactics," security researcher Alexis Ober said."
"These campaigns have proven to be lucrative, allowing the threat actors to make more than $1 billion over the last three years, according to a recent report from The Wall Street Journal. The adversarial collective is said to have evolved from a dedicated phishing kit purveyor into a "highly active community" that brings together disparate threat actors, each of whom plays a crucial role in the phishing-as-a-service (PhaaS) ecosystem. This includes phishing kit developers, data brokers (who sell target phone numbers),"
More than 194,000 malicious domains tied to an ongoing smishing campaign have been registered since January 1, 2024, targeting services worldwide. Domains are registered through a Hong Kong-based registrar with Chinese nameservers, while core infrastructure is hosted on popular U.S. cloud services. The activity is attributed to a China-linked Smishing Triad that sends fraudulent toll violation and package misdelivery notices to trick recipients into revealing sensitive data. Phishing kits have expanded to target brokerage accounts for banking credentials and authentication codes, enabling stock manipulation via 'ramp and dump' schemes. The ecosystem includes phishing kit developers and data brokers, generating over $1 billion in proceeds.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]