A large-scale smishing campaign linked to China uses more than 194,000 malicious domains, primarily hosted on U.S. cloud platforms, to target diverse services globally. This ongoing operation, tied to the Smishing Triad group, has generated over $1 billion in illicit gains in three years by impersonating various organizations and exploiting mobile users.
Key points
- The campaign uses rapidly changing domains registered mainly in Hong Kong to evade detection.
- The threat actors impersonate services like USPS, toll providers, and various government agencies on a large scale.
- Phishing kits associated with the campaign are increasingly targeting brokerage and banking accounts.
- Most domains are active for a very brief period, with many lasting less than a week, indicating a focus on rapid churn.
- The infrastructure is highly decentralized, with servers predominantly in the U.S., China, and Singapore, supporting global impersonation efforts.
Read More: https://thehackernews.com/2025/10/smishing-triad-linked-to-194000.html