216.73.217.22

"Don't feed the toll troll": New threat actor (IMP-1G) engaging in SMS phishing activities, targeting US and Canadian public services. 100+ IOFA domains discovered, with only 10% known to authorities.

· Published 11/10/2024 07:58 · Modified 11/10/2024 08:13

Export JSON

Essential information

Published
11/10/2024 07:58
Modified
11/10/2024 08:13
Tags
2024-10-11 government services identity theft iofa domains public utilities smishing sms phishing toll fraud
Related entities
84 observables, 1 intrusion sets (apt), 9 techniques (mitre), 6 others

Description

A new threat actor, designated as IMP-1G, has been discovered engaging in activities targeting US and Canadian public services. The campaign focuses on toll roads, mass transit systems, postal services, court payments, municipal payments, and state-owned utility companies across multiple states and provinces. Over 100 Indicator of Future Attack (IOFA) domains have been identified, with only 10% known to authorities. The phishing domains impersonate government payment portals to steal credit card information and personal data. The threat actor also targets financial institutions and cryptocurrency users with similar tactics. Law enforcement agencies have seized some domains, but the majority remain active.

Related entities

Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.

Observables (84)

  • 91.142.78.221
  • 62.106.66.180
  • 185.12.14.83
  • 176.123.1.122
  • 195.133.48.87
  • 107.189.16.129
  • 80.249.144.196
  • 194.36.188.32
  • uscourt-ticket.com
  • uspsmailupdate.com
  • us-courtweb.com
  • tollservicesma.com
  • tollsbymailsinvoices.com
  • tollsbymailnyinvoice.com
  • tollon407-etr.com
  • texasrmatoll.com
  • tollbymailsnyinvoice.com
  • tennessetollinvoices.com
  • support-theta-token.com
  • sunpasstollsbill.com
  • sunpasstollinvoices.com
  • sunpasstollcheckout.com
  • sunpassinvoicestolls.com
  • sunpassinvoice.com
  • southernconnectortolls.com
  • sunpassinvoices.com
  • services-ledger-hardware.com
  • service-courtus.com
  • rmatollservices.com
  • revenuecanadadeposit.com
  • peachpasstollservices.com
  • peachpasstolls.com
  • paybc-infraction.com
  • paybc-account.com
  • paybc-fine.com
  • paturnpiketollsinvoices.com
  • paturnpikeinvoices.com
  • paturnpikestolls.com
  • ontariowebcourt-ca.com
  • ontariocourts-webpayment.com
  • ontariocourts-setfines-ca.com
  • ontariocanadacourt.com
  • ontario-courtspayment.com
  • ohioturnpiketolls.org
  • oh-lanes.com
  • nycitypayparking.com
  • nycitypaynotice.com
  • nycitypayinvoice.com
  • nycitypay.com
  • ncquickpassinvoice.com
  • mysunpasstollsinvoices.com
  • mysunpassinvoices.com
  • mygoodtogoinvoice.com
  • inx-132244.shop
  • invoicesezdrivematolls.com
  • indianatollroads.com
  • illinoistollwayinvoice.com
  • flsunpasspayhere.com
  • gapeachpasstolls.com
  • flpayheresunpass.com
  • floridasunpassinvoice.com
  • fastrak-payment.com
  • ezdrivematolls.com
  • ezdrivemas.com
  • ezdrivematoll.com
  • expresstollinvoice.com
  • epcor-account.com
  • drive-ks.org
  • canadapost-packagecenter.com
  • depositetransfercanada.com
  • bcpay-infraction.com
  • bcpay-accounts.com
  • bc-infractions.com
  • bc-fine.com
  • bayareasf-fastrak.com
  • bayareafastrakinvoices.com
  • bayareafastrakstolls.com
  • bayareafastrakexpresslane.com
  • bayareafastrakinvoice.com
  • bayareafastrak-fees.com
  • alberta-infractions.com
  • alberta-traffictickets.com
  • alberta-accounts.com
  • a25-bridgepayment.com

Intrusion sets (APT) (1)

  • IMP-1G
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 07:49 · Modified 21/12/2025 07:49

Techniques (MITRE) (9)

Others (6)

  • Canada
  • United States of America
  • Energy
  • Transportation
  • Finance
  • Government

External references