Chinese Phishing Gang
A recently discovered Chinese phishing gang has expanded its campaigns to the Middle East with new scams designed to harvest personal and payment data from victims, according to Group-IB.
The Singapore-based threat intelligence firm reported the discovery of the “PostalFurious” group in April 2023, after it spotted a smishing campaign impersonating postal brands and toll operators in APAC.
It has now attributed a new flood of phishing texts and iMessages in the UAE to the same group.
UAE residents received spoofed messages asking them to pay a vehicle toll to avoid additional fines, Group-IB explained. The text messages contained shortened URLs to obscure the true phishing domain and once a user clicked, they were directed to a fake branded payment page.
An almost identical campaign, which began two weeks after the first, impersonated a UAE postal operator. Both use the same servers, with phishing messages often sent from numbers in Malaysia and Thailand, as well as from email addresses via iMessage.
The pages linked from the texts asked individuals to enter personal and financial details including name, address and credit card information.
It is not clear how many people were targeted in this campaign, but customers of several UAE telcos have received the malicious SMS messages, Group-IB said.
The phishing websites themselves apparently use access-control techniques to avoid automated detection and blocking, and can only be accessed from UAE-based IP addresses.
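The two evasion techniques described above, shortened URLs that hide the landing domain and an IP allowlist that serves the lure only to in-country visitors, are easy to miss if a scanner fetches a link once from a single cloud vantage point. The following is an added example, not code from Group-IB or from the PostalFurious kit, showing how an analyst can expand a redirect chain without rendering it and then fetch the landing page from several source addresses to detect IP-based cloaking. The allowlist uses IETF documentation prefixes rather than real UAE allocations, the redirect table stands in for live HTTP 30x responses, and the hostnames (`short.example`, `toll-pay.example`) and page bodies are constructed placeholders.

```python
"""Added example: detecting IP-gated (geofenced) phishing pages by differential fetching.

Everything here is constructed for illustration: the allowlist uses IETF
documentation prefixes rather than real UAE allocations, the redirect table
stands in for live HTTP 30x responses, and the page bodies are placeholders.
"""
from __future__ import annotations

import hashlib
import ipaddress
from urllib.parse import urlparse

# Constructed allowlist standing in for the kit's "UAE visitors only" rule.
ALLOWED_PREFIXES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

# Constructed page bodies: what an allowed visitor sees versus what a scanner sees.
LURE_PAGE = "<form action='/pay'>Card number: <input name='pan'></form>"
DECOY_PAGE = "<h1>404 Not Found</h1>"

# Constructed stand-in for the shortener's and the kit's redirect responses
# (URL -> Location header). Real tooling would read these from HEAD/GET replies.
REDIRECTS = {
    "https://short.example/t0ll": "https://toll-pay.example/verify",
    "https://toll-pay.example/verify": "https://toll-pay.example/pay",
}


def serve(client_ip: str, url: str) -> tuple[int, str]:
    """Mimic the kit's access control: only allowlisted source IPs get the lure.

    The url argument is accepted for realism; this toy kit has a single page.
    """
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in ALLOWED_PREFIXES):
        return 200, LURE_PAGE
    return 404, DECOY_PAGE


def expand_url(url: str, redirects: dict[str, str], max_hops: int = 5) -> list[str]:
    """Follow the redirect chain without executing any page content.

    Returns every hop, starting with the original shortened URL. Stops at
    max_hops so a redirect loop cannot hang the scanner.
    """
    chain = [url]
    while chain[-1] in redirects and len(chain) <= max_hops:
        chain.append(redirects[chain[-1]])
    return chain


def differential_fetch(url: str, vantage_ips: list[str]) -> dict[str, tuple[int, str]]:
    """Fetch the same landing page from several source IPs; record status and body hash."""
    results = {}
    for ip in vantage_ips:
        status, body = serve(ip, url)
        results[ip] = (status, hashlib.sha256(body.encode()).hexdigest()[:12])
    return results


def looks_geofenced(results: dict[str, tuple[int, str]]) -> bool:
    """True when vantage points disagree: the signature of IP-based cloaking."""
    return len(set(results.values())) > 1


def triage(short_url: str, vantage_ips: list[str]) -> dict:
    """Expand the shortener, then compare what each vantage point receives."""
    chain = expand_url(short_url, REDIRECTS)
    landing = chain[-1]
    results = differential_fetch(landing, vantage_ips)
    return {
        "landing_host": urlparse(landing).hostname,
        "hops": len(chain) - 1,
        "geofenced": looks_geofenced(results),
        "by_vantage": results,
    }


if __name__ == "__main__":
    # One in-country vantage (allowlisted) and one out-of-country scanner.
    print(triage("https://short.example/t0ll", ["203.0.113.7", "192.0.2.10"]))
    # Two out-of-country scanners only: both see the decoy, so nothing looks wrong.
    print(triage("https://short.example/t0ll", ["192.0.2.10", "192.0.2.11"]))
```

The second call in the usage block is the important one: when every scanner sits outside the allowlisted ranges, all of them receive the same decoy, the comparison shows no disagreement, and the URL is scored as benign. That is exactly why an IP-gated kit survives automated blocking, and why at least one vantage point inside the targeted country (or a residential proxy there) is needed before a verdict is trusted.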
Group-IB tied the campaigns to PostalFurious with some confidence, given they use the same infrastructure and code observed in previous activity from the group in APAC.
The kit's administration panel is built on the Laravel PHP framework, and the source code of the phishing pages contains comments written in simplified Chinese, it said.
Group-IB senior cyber investigation specialist Anna Yurtaeva argued that phishing actors are becoming more prolific and sophisticated.
“They can no longer be detected and stopped by automated blocking. People should stay vigilant and aware of ongoing scams,” she added.
“PostalFurious operations demonstrate the transnational nature of organized cybercrime and emphasize the need for a coordinated joint response that involves the general public, private sector, and government.”