• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb

 | 

Wing FTP Server flaw actively exploited shortly after technical details were made public

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 53

 | 

Security Affairs newsletter Round 532 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

McDonald’s job app exposes data of 64 Million applicants

 | 

Athlete or Hacker? Russian basketball player accused in U.S. ransomware case

 | 

U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog

 | 

UK NCA arrested four people over M&S, Co-op cyberattacks

 | 

PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

 | 

Qantas data breach impacted 5.7 million individuals

 | 

DoNot APT is expanding scope targeting European foreign ministries

 | 

Nippon Steel Solutions suffered a data breach following a zero-day attack

 | 

Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates

 | 

Hackers weaponize Shellter red teaming tool to spread infostealers

 | 

Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day

 | 

Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

 | 

U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

 | 

IT Worker arrested for selling access in $100M PIX cyber heist

 | 

New Batavia spyware targets Russian industrial enterprises

 | 

Taiwan flags security risks in popular Chinese apps after official probe

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Cyber Crime
  • Hacking
  • Smishing Triad Is Targeting India To Steal Personal and Payment Data at Scale

Smishing Triad Is Targeting India To Steal Personal and Payment Data at Scale

Pierluigi Paganini July 12, 2024

Resecurity has identified a new campaign by the Smishing Triad that is targeting India to steal personal and payment data at scale

Resecurity (USA) identified a new campaign targeting India Post (Department of Posts, India) by the Smishing Triad, which reportedly started amplifying around July 8, 2024, based on multiple victim reports and the detection of new infrastructure set up in the days preceding. India’s massive population (over 1.417 billion) and economy make it a prime target for cybercriminals and fraudsters. The estimated 1 billion smartphone users in India by 2023 will make them a lucrative target for malicious parties. As a result, consumers can expect to be targeted more frequently by foreign cyber threat actors. To carry out large-scale malicious activity, threat actors will focus on smishing campaigns aimed at stealing digital identities.

This month, the group has vastly expanded its attack footprint in India, preparing for the campaign in advance. The actors registered domain names impersonating the India Post around June, but were not actively using them, likely preparing for a large-scale activity, which became visible by July. The goal of this campaign is to steal massive amounts of personal identifiable information (PII) and payment data. Previous episodes of Smishing Triad activity have been described by Resecurity, earlier targeting other geographies, including the U.S., U.K., EU, UAE, KSA, and the most recently Pakistan.

In June, the Press Information Bureau Kerala (PIB), an official agency of the Government of India under the Ministry of Information and Broadcasting, has warned users about the increasing smishing activity and urged citizens to remain vigilant and cautious towards any suspicious messages claiming to be from postal services such as Indian Post, which could be impersonated by fraudsters.

Aggregating stolen digital identity data in large volumes can be an excellent catalyst for cyberespionage. Nation-state actors, in particular, would be highly interested in collecting such information, potentially masking their activities under the guise of traditional cybercrime.

According to the cybersecurity experts, the activity of Smishing Triad is tricky, as from one side the group uses smishing kits to steal credit card information while also distributing malicious code against the energy sector and impersonating major Fortune 100 brands, which have been used in targeted phishing attacks, based on recently uncovered network infrastructure. Moreover, smishing activity will be extremely valuable for both cybercriminals and nation-state actors in the long run, as both will seek to collect digital identity information on a massive scale.

Additional info is provided in the original report here:

https://www.resecurity.com/blog/article/smishing-triad-is-targeting-india-to-steal-personal-and-payment-data-at-scale

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, India)


facebook linkedin twitter

Hacking hacking news India information security news IT Information Security Pierluigi Paganini Security Affairs Security News Smishing Triad

you might also like

Pierluigi Paganini July 13, 2025
Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb
Read more
Pierluigi Paganini July 13, 2025
Wing FTP Server flaw actively exploited shortly after technical details were made public
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb

    Security / July 13, 2025

    Wing FTP Server flaw actively exploited shortly after technical details were made public

    Hacking / July 13, 2025

    SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 53

    Breaking News / July 13, 2025

    Security Affairs newsletter Round 532 by Pierluigi Paganini – INTERNATIONAL EDITION

    Breaking News / July 13, 2025

    McDonald’s job app exposes data of 64 Million applicants

    Hacking / July 12, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT