216.73.216.204

The Smishing Deluge: China-Based Campaign Flooding Global Text Messages

· Published 24/10/2025 11:22 · Modified 24/10/2025 11:50

Export JSON

Essential information

Published
24/10/2025 11:22
Modified
24/10/2025 11:50
Tags
2025-10-24 phaas phishing smishing
Related entities
35 observables, 1 intrusion sets (apt), 3 techniques (mitre), 22 others

Description

An extensive campaign attributed to the Triad is targeting global users with fraudulent toll violation and package misdelivery notices. The operation has expanded beyond the U.S., impersonating international services across critical sectors like banking, healthcare, and law enforcement. The campaign utilizes a decentralized infrastructure with over 194,000 malicious domains registered since January 2024, primarily through a Hong Kong-based registrar. The attack employs sophisticated social engineering tactics and realistic pages to collect sensitive information. The campaign's scale and complexity suggest it is powered by a large -as-a-service operation, posing a widespread threat to individuals worldwide.

External references