Outsider Enterprise-Outsider-Chinese cybercrime alliance reshapes ransomware ecosystem operations
Threat Actor Meta
Summary
Hide ▲
Show ▼
The Outsider Enterprise has built a coordinated Telegram-run phishing-as-a-service ecosystem, expanding large-scale smishing and credential theft against Americans. The operation lowers the barrier to entry for fraud crews while increasing the speed, volume, and credibility of brand-impersonation attacks.
Related Happenings
Outsider Telegram-run smishing campaign targeting Americans
Campaign
H score47
First: 12.06.2026 21:59
Last: 12.06.2026 21:59
Sources 1
How related:
Outsider's operations, according to the company, are coordinated through Telegram, with the network distributing phishing kits that make it possible for threat actors to push fake text messages that claim to be from trusted brands.
About this happening:
The **Outsider** smishing campaign sent **mass SMS phishing** messages to **Android users** between **May 18 and June 1, 2026**, directing recipients to fraudulent sites and incre...
Outsider Telegram-run smishing campaign targeting Americans
CampaignHow related: Outsider's operations, according to the company, are coordinated through Telegram, with the network distributing phishing kits that make it possible for threat actors to push fake text messages that claim to be from trusted brands.
About this happening: The **Outsider** smishing campaign sent **mass SMS phishing** messages to **Android users** between **May 18 and June 1, 2026**, directing recipients to fraudulent sites and incre...
The Gentlemen ransomware group’s 90/10 RaaS model and rapid victim growth
Threat Actor Meta
H score26
First: 10.06.2026 17:03
Last: 10.06.2026 17:03
Sources 1
About this happening:
**The Gentlemen** ransomware group has become a high-volume **RaaS** operation, using a **90/10 affiliate split** to attract operators and expand its reach. The group now ranks as...
The Gentlemen ransomware group’s 90/10 RaaS model and rapid victim growth
Threat Actor MetaAbout this happening: **The Gentlemen** ransomware group has become a high-volume **RaaS** operation, using a **90/10 affiliate split** to attract operators and expand its reach. The group now ranks as...
ATHR productized automated vishing platform for credential theft
Threat Actor Meta
H score41
First: 16.04.2026 17:09
Last: 16.04.2026 17:09
Sources 1
About this happening:
ATHR is turning **automated vishing** into a **productized underground service**, lowering the barrier for credential theft across **Google**, **Microsoft**, **Coinbase**, and oth...
ATHR productized automated vishing platform for credential theft
Threat Actor MetaAbout this happening: ATHR is turning **automated vishing** into a **productized underground service**, lowering the barrier for credential theft across **Google**, **Microsoft**, **Coinbase**, and oth...
Triad Nexus expands fraud ecosystem and shifts into emerging markets after 2025 US sanctions
Threat Actor Meta
H score41
First: 14.04.2026 15:00
Last: 14.04.2026 15:00
Sources 1
About this happening:
**Triad Nexus** expanded its fraud ecosystem after **US Treasury sanctions in 2025**, increasing operational scale and shifting into **emerging markets**. The network’s use of **U...
Triad Nexus expands fraud ecosystem and shifts into emerging markets after 2025 US sanctions
Threat Actor MetaAbout this happening: **Triad Nexus** expanded its fraud ecosystem after **US Treasury sanctions in 2025**, increasing operational scale and shifting into **emerging markets**. The network’s use of **U...
Triad Nexus investment scam and brand impersonation campaign targeting emerging markets
Campaign
H score33
First: 14.04.2026 15:00
Last: 14.04.2026 15:00
Sources 1
About this happening:
The **Triad Nexus** campaign is continuing to run **large-scale investment scams** and **brand impersonation**, expanding into **emerging markets** and driving higher fraud losses...
Triad Nexus investment scam and brand impersonation campaign targeting emerging markets
CampaignAbout this happening: The **Triad Nexus** campaign is continuing to run **large-scale investment scams** and **brand impersonation**, expanding into **emerging markets** and driving higher fraud losses...
Timeline
-
12.06.2026 21:59 1 articles · 3h ago
Outsider infrastructure is identified across 9,000 fake websites
Campaign Scope UpdateGoogle says 9,000 fake websites and more than 1.59 million fraudulent URLs tied to Outsider were identified between November 14, 2025, and April 14, 2026, showing the scale of the phishing service's brand-impersonation infrastructure.
Show sources
- Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing — thehackernews.com — 12.06.2026 21:59
-
12.06.2026 21:59 1 articles · 3h ago
Outsider floods Android users with 2.5 million smishing messages
Victim Impact UpdateIn a two-week period from May 18 to June 1, 2026, Outsider was responsible for 55,000 spam texts flagged by Android users and 2.5 million messages containing links to Outsider-generated websites, indicating large-scale mobile delivery of phishing lures.
Show sources
- Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing — thehackernews.com — 12.06.2026 21:59
-
12.06.2026 21:59 1 articles · 3h ago
Google files lawsuit to dismantle the Outsider smishing network
Legal Policy Action UpdateOn June 12, 2026, Google said it is pursuing legal action against a Chinese cybercrime network accused of using Gemini to generate phishing pages and run SMS smishing campaigns through Outsider, and it is partnering with AT&T, T-Mobile, and Verizon to block the messages from reaching customers.
Show sources
- Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing — thehackernews.com — 12.06.2026 21:59