A large-scale smishing campaign launched since April 2024 involves impersonation of various services, including healthcare, banking, and government agencies, primarily targeting US users but also affecting numerous other countries. The campaign is highly decentralized, utilizing over 194,000 malicious domains, and is linked to the Chinese-speaking threat group known as the Smishing Triad. #SmishingTriad #PhishingKits
Keypoints
- The campaign has used over 194,000 malicious domains since January 2024 to impersonate multiple organizations.
- It employs a decentralized infrastructure, making detection and takedown efforts more difficult.
- The threat actor behind the campaign is known as the Smishing Triad, active since at least 2023.
- Most domains used in the attack have a lifespan of less than two weeks, with frequent turnover.
- Victims are mainly US users, but the attack also impacts countries across Europe, Asia, and the Middle East.
Read More: https://www.securityweek.com/massive-china-linked-smishing-campaign-leveraged-194000-domains/