December 20, 2023 at 05:57AM
Chinese-speaking threat actors, known as Smishing Triad, have impersonated the UAE Federal Authority for Identity and Citizenship to send malicious SMS messages aimed at gathering sensitive information. They utilize URL-shortening services and fake websites. The group also offers smishing kits for sale and engages in Magecart-style attacks. Another disclosure involves cyber criminals repurposing Predator, a tool designed to combat fraud, for various phishing campaigns.
Key Takeaways:
1. The threat actors behind the Smishing Triad are using SMS phishing to gather sensitive information from residents and foreigners in the UAE.
2. They are masquerading as the United Arab Emirates Federal Authority for Identity and Citizenship and are sending malicious SMS messages with the goal of identity theft and financial fraud.
3. The group has been observed using compromised Apple iCloud accounts to send smishing messages and engaging in Magecart-style attacks on e-commerce platforms.
4. The group is offering smishing kits for sale to other cybercriminals and employing a fraud-as-a-service (FaaS) model to scale its operations.
5. The latest attack wave sends harmful messages to individuals who have recently updated their residence visas, and it applies to both Android and iOS devices.
6. The attackers are using a geofencing mechanism to load the phishing form only when visited from UAE-based IP addresses and mobile devices.
7. They may have access to a private channel to obtain information about UAE residents and foreigners through various sources such as data breaches, business email compromises, and dark web databases.
8. Threat actors are repurposing Predator, a tool designed to combat fraud and identify requests originating from automated systems, for use in phishing campaigns.