National Cyber Warfare Foundation (NCWF) Forums


Smishing Triad Is Targeting Pakistan To Defraud Banking Customers At Scale


2024-06-20 08:29:43
milo
Attacks



Resecurity researchers warn of new activity by Smishing Triad, which has expanded its operations to Pakistan.





Resecurity has identified new activity by Smishing Triad, which has expanded its operations to Pakistan. The group’s latest tactic involves sending malicious messages on behalf of Pakistan Post to customers of mobile carriers via iMessage/SMS. The goal is to steal their personal and financial information.

The code and templates used by the attackers in this smishing kit are consistent with those observed in previous instances of Smishing Triad. Previously, Resecurity described multiple episodes of Smishing Triad activity targeting online banking, e-commerce and payment systems customers in other geographies, including the USA, EU, UAE and KSA.









Estimating the global scale of the threat actors’ activities, our analysts believe they send between 50,000–100,000 messages daily. To achieve this, they leverage stolen databases acquired from the Dark Web, which contain sensitive personal data of citizens, including phone numbers. Pakistan, with a population of over 235.8 million, has experienced multiple data breaches in the first half of 2024, compromising the personally identifiable information (PII) of citizens. These records are then processed at scale using automation tools to distribute SMS spam for malicious and fraudulent purposes.








Resecurity observed multiple hosts used by attackers operating smishing kits targeting Pakistan’s postal providers, along with Correos, a state-owned postal provider in Spain that was targeted in previous episodes of Smishing Triad activity from July 2023. Multiple domain names were identified that map to the same IP address, 23[.]231[.]48[.]129:






  • ep-gov-pkw[.]cfd
  • ep-gov-ppk[.]cyou
  • ep-gov-ppk[.]icu
  • correosytelegrafos-civ[.]icu
  • correos-es[.]cn
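One way a defender could put the indicators above to use, as an added example that is not code from Resecurity or SecurityAffairs: it refangs the published values and checks DNS resolver logs for the listed domains, their subdomains, and any other name resolving to the shared IP. The log format, client addresses and function names are assumptions made for this sketch.

```python
import re

# Indicators exactly as published in the article (defanged).
DEFANGED_IOCS = """
23[.]231[.]48[.]129
ep-gov-pkw[.]cfd
ep-gov-ppk[.]cyou
ep-gov-ppk[.]icu
correosytelegrafos-civ[.]icu
correos-es[.]cn
"""

def refang(value):
    """Turn a defanged indicator (hxxp, [.]) back into its matchable form."""
    value = value.strip().lower().replace("[.]", ".").replace("(.)", ".")
    return re.sub(r"^hxxp", "http", value)

def load_iocs(text):
    """Split refanged indicators into an IP set and a domain set."""
    ips, domains = set(), set()
    for token in text.split():
        ioc = refang(token)
        (ips if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", ioc) else domains).add(ioc)
    return ips, domains

def host_matches(host, domains):
    """True for a listed domain or any subdomain of it, not for look-alike suffixes."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def scan(log_lines, ips, domains):
    """Return (client, matched field) for each log line that hits an indicator."""
    hits = []
    for line in log_lines:
        _ts, client, qname, answer = line.split()
        if host_matches(qname, domains):
            hits.append((client, qname))
        elif answer in ips:  # unlisted name on the same infrastructure
            hits.append((client, answer))
    return hits

# Constructed DNS resolver log lines: time, client, query name, answer.
SAMPLE_LOG = [
    "2024-06-20T08:01:12Z 10.0.0.5 ep-gov-ppk.icu 23.231.48.129",
    "2024-06-20T08:02:40Z 10.0.0.7 www.correos-es.cn. 23.231.48.129",
    "2024-06-20T08:03:05Z 10.0.0.9 notcorreos-es.cn 192.0.2.10",
    "2024-06-20T08:04:51Z 10.0.0.8 unlisted.example 23.231.48.129",
]

print(scan(SAMPLE_LOG, *load_iocs(DEFANGED_IOCS)))
```

Matching on the resolved IP as well as the domain names matters here because the article reports several domains mapped to one address, so a newly registered name on the same host would still be flagged.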





Smishing (SMS phishing) attacks can be deceptive and aim to trick individuals into revealing personal information or clicking on malicious links through text messages to compromise digital identity and steal payment data.





The full report is available here: https://www.resecurity.com/blog/article/smishing-triad-is-targeting-pakistan-to-defraud-banking-customers-at-scale










Pierluigi Paganini





(SecurityAffairs – hacking, Smishing Triad)








Source: SecurityAffairs
Source Link: https://securityaffairs.com/164705/cyber-crime/smishing-triad-targets-pakistan.html

