
Palo Alto Networks Uncovers 194,000-Domain Smishing Campaign Linked to “Smishing Triad”
From Daily Security Review by Daily Security Review
October 29, 2025 · 27 min · Episode 320
About this episode
Palo Alto Networks reveals a large-scale smishing campaign linked to the Smishing Triad, involving over 194,000 malicious domains and targeting individuals globally.
A global smishing campaign of unprecedented scale has been uncovered by Palo Alto Networks, revealing the vast operations of a Chinese-speaking threat actor known as the Smishing Triad. Since January 2024, the group has deployed more than 194,000 malicious domains, impersonating legitimate organizations ranging from toll and postal services to banks, cryptocurrency exchanges, and delivery companies. This campaign, active across the U.S., Europe, Asia, and the Middle East, leverages personalized SMS messages designed to trick recipients into divulging sensitive personal or financial information. Palo Alto Networks’ threat intelligence analysis describes the Smishing Triad as operating under a Phishing-as-a-Service (PhaaS) model—a decentralized criminal ecosystem in which specialized actors handle everything from domain registration and hosting to SMS distribution and phishing kit development. The infrastructure churns through thousands of new domains weekly, with most lasting less than two weeks, making detection and takedown efforts nearly impossible to sustain. Impersonating legitimate entities such as the U.S. Postal Service, India Post, and major financial institutions, the…
Topics covered
- smishing
- cybersecurity
- threat intelligence
- phishing
- malicious domains
- financial fraud
Keywords
- smishing campaign
- malicious domains
- PhaaS
- cyber threats
- identity theft
- SMS phishing
- threat actor
Mentioned in this episode
Organizations: Palo Alto Networks, U.S. Postal Service, India Post, Smishing Triad
Places: U.S., Europe, Asia, Middle East
More episodes of Daily Security Review
- Operation ForumTroll: Chrome Zero-Day Tied to Italian Spyware Developer Memento Labs · October 29, 2025 · 37 min
- Coveware Reports Historic Drop in Ransomware Payments: Only 23% of Victims Paid in Q3 2025 · October 28, 2025 · 26 min
- Firefox Add-Ons Must Declare Data Collection—or Be Rejected · October 28, 2025 · 29 min
- Chainguard’s $3.5 Billion Valuation Signals Massive Investor Confidence in Secure-by-Default Software · October 28, 2025 · 25 min
- $1 Million WhatsApp Exploit Withdrawn—Researcher Silent, Meta Calls It “Low-Risk” · October 28, 2025 · 20 min
- OpenAI Atlas Omnibox Jailbreak Exposes New AI Security Flaw · October 27, 2025 · 35 min
Explore listener stats, chart rankings, contacts and more on the Daily Security Review podcast page.