430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Smishing Triad Is Targeting Pakistan To Defraud Banking Customers At Scale

Resecurity researchers warn of a new activity of Smishing Triad, which has expanded its operations to Pakistan. Resecurity has identified a new activity of Smishing Triad, which has expanded its operations to Pakistan. The group’s latest tactic involves sending malicious messages on behalf of Pakistan Post to customers of mobile carriers via iMessage/SMS. The goal […]

Smishing Triad

Resecurity researchers warn of a new activity of Smishing Triad, which has expanded its operations to Pakistan.

Resecurity has identified a new activity of Smishing Triad, which has expanded its operations to Pakistan. The group’s latest tactic involves sending malicious messages on behalf of Pakistan Post to customers of mobile carriers via iMessage/SMS. The goal is to steal their personal and financial information.

The code and templates used by the attackers in this smishing kit are consistent with those observed in previous instances of Smishing Triad. Previously, Resecurity described multiple episodes of Smishing Triad activity targeting online banking, e-commerce and payment systems customers in other geographies including USA, EU, UAE and KSA.

Smishing Triad


Estimating the global scale of threat actors’ activities, our analysts believe they send between 50,000–100,000 messages daily. To achieve this, they leverage stolen databases acquired from the Dark Web, which contain sensitive personal data of citizens including phone numbers. Pakistan, with a population of over 235.8 million, has experienced multiple data breaches in the first half of 2024, compromising the personal identifiable information (PII) of citizens. These records are then processed at scale using automation tools to distribute SMS spam for malicious and fraudulent purposes.

Smishing Triad 3

Resecurity observed multiple hosts used by attackers operating smishing kits targeting Pakistan’s postal providers, along with Correos, a state-owned postal provider in Spain, observed in previous episodes of Smishing Triad activity from July 2023. There were identified multiple domain names mapped to the same IP address 23[.]231[.]48[.]129:

  • ep-gov-pkw[.]cfd
  • ep-gov-ppk[.]cyou
  • ep-gov-ppk[.]icu
  • correosytelegrafos-civ[.]icu
  • correos-es[.]cn

Smishing (SMS phishing) attacks can be deceptive and aim to trick individuals into revealing personal information or clicking on malicious links through text messages to compromise digital identity and steal payment data.

The full report is available here:

https://www.resecurity.com/blog/article/smishing-triad-is-targeting-pakistan-to-defraud-banking-customers-at-scale

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Smishing Triad)