"Don't feed the toll troll": New threat actor (IMP-1G) engaging in SMS phishing activities, targeting US and Canadian public services. 100+ IOFA domains discovered, with only 10% known to authorities.
Oct. 11, 2024, 8:13 a.m.
Description
A new threat actor, designated as IMP-1G, has been discovered engaging in SMS phishing activities targeting US and Canadian public services. The campaign focuses on toll roads, mass transit systems, postal services, court payments, municipal payments, and state-owned utility companies across multiple states and provinces. Over 100 Indicator of Future Attack (IOFA) domains have been identified, with only 10% known to authorities. The phishing domains impersonate government payment portals to steal credit card information and personal data. The threat actor also targets financial institutions and cryptocurrency users with similar tactics. Law enforcement agencies have seized some domains, but the majority remain active.
Date
Published: Oct. 11, 2024, 7:58 a.m.
Created: Oct. 11, 2024, 7:58 a.m.
Modified: Oct. 11, 2024, 8:13 a.m.
Indicators
Attack Patterns
IMP-1G
T1608.004
T1566.003
T1585
T1608.001
T1589
T1586
T1608.005
T1566.002
T1584
Additional Information
Energy
Transportation
Finance
Government
Canada
United States of America