A Chinese-speaking cyber-criminal group known as the “Smishing Triad” has launched an extensive attack on US users [1]. This group primarily uses smishing attacks and has affiliations with other cybercrime groups [1].


The Smishing Triad has recently changed their strategy by exploiting messages from compromised Apple iCloud accounts [1]. They impersonate various postal and delivery services and use iMessage to send package-tracking text scams [2]. Their goal is to collect personally identifiable information and payment credentials for identity theft and credit card fraud [2]. This campaign is unique because it exclusively utilizes iMessages from compromised Apple iCloud accounts as its primary delivery method [2]. The group collaborates with other cyber-criminals and offers a subscription service for their smishing kit, starting at $200 per month [2]. This kit includes activation codes and deployment scripts [1]. In addition to targeting US citizens, the Smishing Triad has also attacked multiple postal and delivery services worldwide and online shopping platforms. They have even sold their smishing kits on Telegram IM groups, creating a network for fraud-as-a-service [1]. Resecurity [2], a cybersecurity company, obtained and reverse engineered one of these kits [2], uncovering an SQL injection vulnerability that allowed them to retrieve data from over 108,000 victims [2]. Smishing attacks continue to evolve and exploit users’ trust in SMS and iMessage communication channels [2]. Resecurity emphasizes the need for consumer awareness and advises organizations to better safeguard their customers [2].


The Smishing Triad’s extensive attack on US users highlights the growing threat of cybercrime. Their exploitation of compromised Apple iCloud accounts and use of iMessage as a delivery method demonstrate the need for improved security measures. The collaboration with other cyber-criminals and the sale of smishing kits on Telegram IM groups further exacerbate the issue. The discovery of an SQL injection vulnerability by Resecurity underscores the importance of proactive cybersecurity measures. As smishing attacks continue to evolve and exploit users’ trust [2], consumer awareness becomes crucial in preventing identity theft and credit card fraud. Organizations must prioritize safeguarding their customers to mitigate the risks posed by cyber-criminal groups like the Smishing Triad.


[1] https://www.hackread.com/chinese-smishing-triad-us-users-cybercrime-attack/
[2] https://www.infosecurity-magazine.com/news/smishing-triad-china-fraud-network/