The Smishing Triad: Unveiling the Tactics of Next-Gen Cybercriminals


Published on Sep 4, 2023   —   4 min read

Members Only

As our dependence on digital communication continues to grow, so does the complexity and pace of the cybersecurity threat landscape. Among the new threats that have emerged is 'Smishing,' a specialized type of phishing attack that uses text messages as the medium to trick its targets. A recent article by Resecurity highlights a large-scale smishing campaign targeting US citizens and impersonating the United States Postal Service (USPS). The threat actors, dubbed the "Smishing Triad," are Chinese-speaking cybercriminals who specialize in identity theft and financial fraud. This blog post aims to dissect the intricacies of this campaign, offering insights into its modus operandi, and suggesting preventive measures.

The Anatomy of the Attack

The Smishing Triad primarily uses iMessages sent from compromised Apple iCloud accounts for their fraudulent activities. Unlike traditional smishing campaigns that relied on SMS or calls, this group has adapted to use a method that people generally consider more secure—iMessage. They also offer 'smishing kits' for sale via Telegram IM groups, essentially creating a Fraud-as-a-Service (FaaS) model.

Technical Insights

The discovery of an active SQL-injection vulnerability in the Smishing Triad's smishing kit by Resecurity's HUNTER team adds another layer of complexity to the group's operations. SQL-injection is a code injection technique that attackers use to interfere with the queries an application makes to its database. It's a well-known vulnerability, and its presence in a toolkit designed by a sophisticated cybercriminal group raises several intriguing questions.

This post is for subscribers only

Subscribe now and have access to all our stories, enjoy exclusive content and stay up to date with constant updates.


Already have an account? Sign in

Share on Facebook Share on Linkedin Share on Twitter Send by email

Subscribe to the newsletter

Subscribe to the newsletter for the latest news and work updates straight to your inbox, every week.