
Unmasking the Smishing Triad: A Deep Dive into 194,000 Malicious Domains in a Global Phishing Operation

Threat actors have been linked to a massive ongoing smishing campaign that has used more than 194,000 malicious domains since the beginning of 2024, targeting various global services. These findings come from researchers at Palo Alto Networks’ Unit 42, who note that the domains are primarily registered through a Hong Kong-based service but hosted mainly on popular U.S. cloud platforms.

The malicious group responsible has been identified as the Smishing Triad, known for bombarding mobile devices with fraudulent notifications regarding toll violations and package misdeliveries. This deceitful tactic aims to trick users into divulging sensitive information. In total, these campaigns have reportedly generated over $1 billion in illicit revenue over the last three years.

Recent reports by Fortra highlight the use of phishing kits linked to the Smishing Triad, focusing increasingly on brokerage accounts to acquire banking credentials and authentication codes. Notably, this type of attack has seen a fivefold increase compared to last year.

The perpetrators have evolved from merely providing phishing kits to forming a collaborative ecosystem that includes various roles such as phishing kit developers, data brokers, domain sellers, and spammers, facilitating a phishing-as-a-service (PhaaS) model.

Analysis from Unit 42 indicates that nearly 93,200 of the total identified root domains are registered under a specific registrar in Hong Kong. A significant chunk consists of ".com" domains, alongside a recent rise in ".gov" domain registrations.

Out of the identified domains, a vast majority are short-lived: 29% were active for merely two days, while 71% remained active for less than a week, demonstrating a strategy focused on continuously cycling through newly registered domains to evade detection.

The report also details that the U.S. Postal Service is the most impersonated service in these campaigns, with a corresponding number of fraudulent domains. Additionally, services related to toll notifications dominate the phishing categories, with about 90,000 dedicated phishing domains targeting victims.

Unit 42 emphasizes that this smishing operation is extensive and global, with thousands of domains registered and discarded daily.

