Date: 2025-10-24

Attacks by the Chinese phishing operation Smishing Triad, which consists of thousands of threat actors supporting a far-reaching phishing ecosystem, have escalated, according to CyberScoop. Nearly 195,000 domains have been leveraged by Smishing Triad since January 2024, with more than half of the attack domains hosted on U.S.-based IP addresses, a report from Palo Alto Networks Unit 42 revealed. Researchers noted that toll road agencies were the most spoofed category of organizations, while the U.S. Postal Service was the single most impersonated service by Smishing Triad. Additional findings showed the typically short lifespan of Smishing Triad's domains. "We don't necessarily know how many victims we can attribute to this technology or this group. But we know that the number of domains is growing on a daily basis and they're churning through different infrastructure, and that most of the query volume for the domains were towards domains hosted on U.S. IP addresses," said Palo Alto Networks Senior Staff Researcher Reethika Ramesh.
Smishing Triad activity on the rise, report finds
