The Smishing Deluge: China-Based Campaign Flooding Global Text Messages
Essential information
- Published
- 24/10/2025 11:22
- Modified
- 24/10/2025 11:50
- Tags
- 2025-10-24 phaas phishing smishing
- Related entities
- 35 observables, 1 intrusion sets (apt), 3 techniques (mitre), 22 others
Description
An extensive smishing campaign attributed to the Smishing Triad is targeting global users with fraudulent toll violation and package misdelivery notices. The operation has expanded beyond the U.S., impersonating international services across critical sectors like banking, healthcare, and law enforcement. The campaign utilizes a decentralized infrastructure with over 194,000 malicious domains registered since January 2024, primarily through a Hong Kong-based registrar. The attack employs sophisticated social engineering tactics and realistic phishing pages to collect sensitive information. The campaign's scale and complexity suggest it is powered by a large phishing-as-a-service operation, posing a widespread threat to individuals worldwide.