"Don't feed the toll troll": New threat actor (IMP-1G) engaging in SMS phishing activities, targeting US and Canadian public services. 100+ IOFA domains discovered, with only 10% known to authorities.

Oct. 11, 2024, 8:13 a.m.

Description

A new threat actor, designated as IMP-1G, has been discovered engaging in SMS phishing activities targeting US and Canadian public services. The campaign focuses on toll roads, mass transit systems, postal services, court payments, municipal payments, and state-owned utility companies across multiple states and provinces. Over 100 Indicator of Future Attack (IOFA) domains have been identified, with only 10% known to authorities. The phishing domains impersonate government payment portals to steal credit card information and personal data. The threat actor also targets financial institutions and cryptocurrency users with similar tactics. Law enforcement agencies have seized some domains, but the majority remain active.

Date

Published: Oct. 11, 2024, 7:58 a.m.

Created: Oct. 11, 2024, 7:58 a.m.

Modified: Oct. 11, 2024, 8:13 a.m.

Attack Patterns

IMP-1G

T1608.004

T1566.003

T1585

T1608.001

T1589

T1586

T1608.005

T1566.002

T1584

Additional Information

Energy

Transportation

Finance

Government

Canada

United States of America