🔴 HIGH threat

Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation

Unit 42 researchers have attributed over 194,000 malicious domains to a China-linked group known as the Smishing Triad. The campaign leverages disposable infrastructure hosted primarily on U.S. cloud services to distribute fraudulent SMS messages impersonating financial and government institutions.

🎯 CORTEX Protocol Intelligence Assessment

Business Impact: Financial and telecom sectors face increased exposure to large-scale smishing operations.

Technical Context: The operation cycles through thousands of newly registered domains daily to evade detection.

⚡ Strategic Intelligence Guidance

  • Implement SMS filtering and domain reputation analysis.
  • Educate users on fraudulent toll and delivery message patterns.
  • Correlate mobile threat data with phishing kit activity.
  • Blacklist associated domain registrars and IP ranges.
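
The first guidance item combined with the domain churn described under Technical Context, as an added example (not code from Unit 42 or from this brief): a filter that scores an SMS by the registration age of the domains it links to and by toll or delivery lure wording. The 30-day cut-off, the keyword list, the "review" handling of domains with no record, and all sample domains, dates and messages are assumptions constructed for illustration.

```python
import re
from datetime import date
from urllib.parse import urlsplit

NEW_DOMAIN_DAYS = 30  # assumed cut-off for "newly registered"
LURE_WORDS = ("toll", "delivery", "parcel", "unpaid")  # assumed keyword list
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

# Constructed registration dates (stand-in for a WHOIS/RDAP feed) and SMS bodies.
SAMPLE_WHOIS = {
    "tollroad-notice.example": date(2025, 1, 8),
    "newsite.example": date(2025, 1, 1),
    "bank.example": date(2010, 5, 1),
}
TODAY = date(2025, 1, 10)  # fixed so the sample results are reproducible
SAMPLE_SMS = [
    "Your toll balance is unpaid. Pay at https://pay.tollroad-notice.example/a1",
    "Photos from the weekend: album.newsite.example/x",
    "Your statement is ready: https://www.bank.example/login",
]

def hosts_in(text):
    """Hostnames of every URL-like token in an SMS body, scheme optional."""
    urls = (m.group(0) for m in URL_RE.finditer(text))
    return [urlsplit(u if "://" in u else "http://" + u).hostname for u in urls]

def registration_date(host, whois):
    """Walk parent domains until one has a record; never query the bare TLD."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        created = whois.get(".".join(labels[i:]))
        if created:
            return created
    return None

def assess(text, whois, today):
    """Return (verdict, reasons): block = flagged domain + lure, review = flagged domain."""
    reasons = []
    for host in hosts_in(text):
        created = registration_date(host, whois)
        if created is None:
            reasons.append(f"{host}: no registration record")
        elif (today - created).days <= NEW_DOMAIN_DAYS:
            reasons.append(f"{host}: registered {(today - created).days} days ago")
    has_lure = any(word in text.lower() for word in LURE_WORDS)
    verdict = "block" if reasons and has_lure else "review" if reasons else "allow"
    return verdict, reasons
```

Because the lookup keys on registration age rather than on a list of known-bad names, a domain registered yesterday is flagged even if no blocklist has seen it yet.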

Vendors

Unit 42, Palo Alto Networks

Threats

Smishing Triad

Targets

Telecom, Finance

Impact

Financial: $1B+