Smishing Triad: Chinese eCrime Group Targets 121+ Countries, Introduces New Banking Phishing Kit

April 10, 2025, 7:44 p.m.

Description

The Chinese eCrime group Smishing Triad has launched a global SMS phishing campaign targeting over 121 countries across various industries. Their infrastructure generates over one million page visits in 20 days, averaging 50,000 daily. The group has introduced a new 'Lighthouse' phishing kit focusing on banking and financial organizations, particularly in Australia and the Asia-Pacific region. Smishing Triad claims to have '300+ front desk staff worldwide' supporting their operations. They frequently rotate domains, with approximately 25,000 active during any 8-day period. The majority of phishing sites are hosted by Chinese companies Tencent and Alibaba. The campaign primarily targets postal, logistics, telecommunications, transportation, finance, retail, and public sectors.

Date

  • Created: April 10, 2025, 6:13 p.m.
  • Published: April 10, 2025, 6:13 p.m.
  • Modified: April 10, 2025, 7:44 p.m.

Indicators


Attack Patterns

Additional Information

  • Retail
  • Transportation
  • Finance
  • Telecommunications
  • Government
  • British Indian Ocean Territory
  • South Africa
  • India
  • Australia
  • China
  • Argentina
  • Spain
  • Italy
  • Canada
  • Japan
  • France
  • Germany
  • Mexico
  • United Kingdom of Great Britain and Northern Ireland
  • Brazil
  • United States of America
  • Russian Federation