Smishing Triad Strikes Again: How 194,000 Malicious Domains Raked in Billions
Unit 42 has unveiled a smishing campaign linked to the Smishing Triad that has used over 194,000 malicious domains since 2024. These sneaky threat actors impersonate services like USPS and toll services, tricking users globally. With a phishing-as-a-service (PhaaS) ecosystem, the Triad rakes in billions by targeting brokerage accounts and employing “ramp and dump” stock tactics.

Hot Take:
Ah, the Smishing Triad—sounds like a group of martial arts experts, but instead of breaking boards, they’re breaking into your bank accounts. With a smorgasbord of malicious domains and enough phishing kits to make a catfish blush, these digital scoundrels are turning smishing into a billion-dollar business. Who knew fraud could be so lucrative? Just remember, folks, that text about your “unpaid toll” might cost you way more than a quarter.
Key Points:
- Smishing Triad has been linked to over 194,000 malicious domains since January 2024.
- The domains are primarily hosted on U.S. cloud services, despite being registered through Hong Kong.
- The group has made over $1 billion in the past three years via fraudulent schemes.
- Targets have expanded to include brokerage accounts, with a significant increase in attacks.
- Their infrastructure involves a vast “phishing-as-a-service” ecosystem with various roles.
