Smishing Triad, a Chinese eCrime group, has launched an extensive operation targeting users across more than 121 countries.
This campaign, primarily focused on stealing banking credentials, has evolved to include diverse industries, from postal and logistics to finance and retail sectors.
Expansion of Phishing Operations
Recent data from server logs analyzed by Silent Push reveal that Smishing Triad’s infrastructure has been bustling, with over one million page visits logged in just 20 days.
This suggests the group's SMS phishing (smishing) activity could involve a considerably higher volume than the previously reported 100,000 SMS messages per day.
The group’s latest move is the introduction of the “Lighthouse” phishing kit, which signifies a marked advancement in their tactics.

This kit targets numerous financial institutions, particularly in Australia and the broader Asia-Pacific region, and includes real-time synchronization features for quicker theft of bank credentials.
The kit even supports one-click setup and multiple verification methods like OTP, PIN, and 3DS verification, making it a formidable tool in their phishing arsenal.
Smishing Triad’s infrastructure is vast, utilizing over 8,800 unique IP addresses and stretching across more than 200 Autonomous System Numbers (ASNs).
A significant number of their phishing sites are hosted by major Chinese companies, Tencent and Alibaba, highlighting a strong connection to Chinese cyberspace.
Their operations are not limited to conventional smishing campaigns; they also include techniques such as smishing via compromised Apple iCloud accounts and the use of local phone numbers for sending spam.
Targeting Financial Institutions
Since March 2025, the group has escalated their attacks, specifically targeting banks, with a new kit boasting “300+ front desk staff worldwide” to support the fraud schemes.
Notable targets include Australian financial brands like Commonwealth Bank of Australia and National Australia Bank, as well as global financial giants such as PayPal, Mastercard, and HSBC.

This indicates a strategic shift towards high-value targets where the return on investment could be significant.
Silent Push is actively tracking Smishing Triad’s activities, working with global partners to dismantle their operations.
However, the group’s prolific domain rotation, with potentially tens of thousands of new domains appearing within an eight-day window, makes tracking and takedown a daunting task.
According to the report, the sophistication of these operations, coupled with the global nature of the attacks, underscores the importance of cyber hygiene, user awareness, and international collaboration to combat such threats.
The Smishing Triad’s ability to adapt and evolve their phishing kits, alongside their vast infrastructure, poses a significant challenge to cybersecurity experts worldwide.
As digital interactions continue to grow, so does the complexity and reach of cybercrimes like those perpetrated by Smishing Triad.
Their targeting of financial sectors across a vast array of countries signifies a persistent and evolving threat.
It calls for a robust defense strategy involving heightened security measures, active monitoring, user education, and cooperative efforts on an international scale to disrupt these criminal enterprises.