CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Smishing Triad's Global Phishing Campaign Targets 194,000 Domains

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

A China-linked threat actor group, the Smishing Triad, has been linked to over 194,000 malicious domains used in a global smishing campaign since January 1, 2024. The campaign targets various services worldwide, including the U.S. Postal Service and toll services. The group has evolved into a highly active community within the phishing-as-a-service (PhaaS) ecosystem, generating over $1 billion in the last three years. The domains are registered through a Hong Kong-based registrar and use Chinese nameservers, but the infrastructure is hosted on U.S. cloud services. The campaign employs rapid domain churn to evade detection and uses a variety of tactics to trick users into providing sensitive information.

Timeline

  1. 24.10.2025 21:35 1 articles · 23h ago

    Smishing Triad's Global Phishing Campaign Linked to 194,000 Domains

    Since January 1, 2024, the Smishing Triad has been linked to over 194,000 malicious domains used in a global smishing campaign. The campaign targets various services worldwide, including the U.S. Postal Service and toll services. The group has evolved into a highly active community within the phishing-as-a-service (PhaaS) ecosystem, generating over $1 billion in the last three years. The domains are registered through a Hong Kong-based registrar and use Chinese nameservers, but the infrastructure is hosted on U.S. cloud services. The campaign employs rapid domain churn to evade detection and uses a variety of tactics to trick users into providing sensitive information.

    Show sources
    Open in new tab

Information Snippets