Resecurity has identified a new campaign by the Smishing Triad that is targeting India to steal personal and payment data at scale
Resecurity (USA) identified a new campaign targeting India Post (Department of Posts, India) by the Smishing Triad, which reportedly started amplifying around July 8, 2024, based on multiple victim reports and the detection of new infrastructure set up in the days preceding. India’s massive population (over 1.417 billion) and economy make it a prime target for cybercriminals and fraudsters. The estimated 1 billion smartphone users in India by 2023 will make them a lucrative target for malicious parties. As a result, consumers can expect to be targeted more frequently by foreign cyber threat actors. To carry out large-scale malicious activity, threat actors will focus on smishing campaigns aimed at stealing digital identities.
This month, the group has vastly expanded its attack footprint in India, preparing for the campaign in advance. The actors registered domain names impersonating the India Post around June, but were not actively using them, likely preparing for a large-scale activity, which became visible by July. The goal of this campaign is to steal massive amounts of personal identifiable information (PII) and payment data. Previous episodes of Smishing Triad activity have been described by Resecurity, earlier targeting other geographies, including the U.S., U.K., EU, UAE, KSA, and the most recently Pakistan.
In June, the Press Information Bureau Kerala (PIB), an official agency of the Government of India under the Ministry of Information and Broadcasting, has warned users about the increasing smishing activity and urged citizens to remain vigilant and cautious towards any suspicious messages claiming to be from postal services such as Indian Post, which could be impersonated by fraudsters.
Aggregating stolen digital identity data in large volumes can be an excellent catalyst for cyberespionage. Nation-state actors, in particular, would be highly interested in collecting such information, potentially masking their activities under the guise of traditional cybercrime.
According to the cybersecurity experts, the activity of Smishing Triad is tricky, as from one side the group uses smishing kits to steal credit card information while also distributing malicious code against the energy sector and impersonating major Fortune 100 brands, which have been used in targeted phishing attacks, based on recently uncovered network infrastructure. Moreover, smishing activity will be extremely valuable for both cybercriminals and nation-state actors in the long run, as both will seek to collect digital identity information on a massive scale.
Additional info is provided in the original report here:
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, India)