An introduction to the third-party cookie crackdown

The threat actors behind a large-scale, ongoing smishing campaign have been attributed to more than 194,000 malicious domains since January 1, 2024, targeting a broad range of services across the world, according to new findings from Palo Alto Networks Unit 42.

"Although these domains are registered through a Hong Kong-based registrar and use Chinese nameservers, the attack infrastructure is primarily hosted on popular U.S. cloud services," security researchers Reethika Ramesh, Zhanhao Chen, Daiping Liu, Chi-Wei Liu, Shehroze Farooqi, and Moe Ghasemisharif said.

The activity has been attributed to a China-linked group known as the Smishing Triad, which is known to flood mobile devices with fraudulent toll violation and package misdelivery notices to trick users into taking immediate action and providing sensitive information.

These campaigns have proven to be lucrative, allowing the threat actors to make more than $1 billion over the last three years, according to a recent report from The Wall Street Journal.