Unit 42, the Palo Alto Networks research team, has discovered one of the largest and most sophisticated smishing campaigns. Since January 2024, more than 194,000 malicious domains have been used worldwide. The campaign is growing in scale and poses a persistent threat to both individuals and organizations.
Smishing, a portmanteau of “SMS” and “phishing,” refers to fraudulent text messages used by cybercriminals to lure victims into sharing their personal or payment information. The campaign is being driven by the Chinese hacker group “Smishing Triad,” which targets victims worldwide. Their phishing pages are carefully designed to mimic the official websites of banks, postal services, and government agencies. Victims are lured into entering personal and financial information, such as national identification numbers, home addresses, payment information, and login credentials.
The hackers leverage a decentralized infrastructure and a phishing-as-a-service model, creating thousands of new domains each week to evade detection. The attacks are well-organized, technologically advanced, and executed through a network of subcontractors collaborating within this criminal ecosystem.
Unit 42 emphasizes that the threat is global and decentralized, with attackers creating thousands of new domains daily. The team advises organizations and consumers to remain vigilant, avoid clicking unknown links or calling unknown phone numbers, and always verify messages through official channels.








