{"id":164705,"date":"2024-06-20T07:29:59","date_gmt":"2024-06-20T07:29:59","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=164705"},"modified":"2024-06-20T07:30:01","modified_gmt":"2024-06-20T07:30:01","slug":"smishing-triad-targets-pakistan","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/164705\/cyber-crime\/smishing-triad-targets-pakistan.html","title":{"rendered":"Smishing Triad Is Targeting Pakistan To Defraud Banking Customers At Scale"},"content":{"rendered":"

Resecurity researchers warn of new activity by Smishing Triad, which has expanded its operations to Pakistan.

Resecurity has identified new activity by Smishing Triad, which has expanded its operations to Pakistan. The group’s latest tactic involves sending malicious messages on behalf of Pakistan Post to customers of mobile carriers via iMessage/SMS. The goal is to steal their personal and financial information.

The code and templates used by the attackers in this smishing kit are consistent with those observed in previous instances of Smishing Triad. Previously, Resecurity described multiple episodes of Smishing Triad activity targeting online banking, e-commerce and payment systems customers in other geographies, including the USA, EU, UAE and KSA.

Estimating the global scale of the threat actors’ activities, our analysts believe they send between 50,000–100,000 messages daily. To achieve this, they leverage stolen databases acquired from the Dark Web, which contain sensitive personal data of citizens, including phone numbers. Pakistan, with a population of over 235.8 million, has experienced multiple data breaches in the first half of 2024, compromising the personally identifiable information (PII) of citizens. These records are then processed at scale using automation tools to distribute SMS spam for malicious and fraudulent purposes.


Resecurity observed multiple hosts used by attackers operating smishing kits targeting Pakistan’s postal providers, along with Correos, a state-owned postal provider in Spain, observed in previous episodes of Smishing Triad activity from July 2023. Multiple domain names were identified that mapped to the same IP address, 23[.]231[.]48[.]129: