From 6870ac7c42dc2a65ab1f87f7adc14915bdae6f9e Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Wed, 17 Apr 2024 10:09:09 -0700
Subject: [PATCH] [threat-actors] Add Smishing Triad

---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 795b531..03c51de 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -15571,6 +15571,17 @@
       },
       "uuid": "07232925-bd1b-49a9-adca-46536ff6fdd8",
       "value": "Bignosa"
+    },
+    {
+      "description": "The Smishing Triad is a Chinese-speaking threat group known for targeting postal services and their customers globally through smishing campaigns. They leverage compromised Apple iMessage accounts to send fraudulent messages warning of undeliverable packages, aiming to collect personally identifying information and payment credentials. The group offers smishing kits for sale on platforms like Telegram, enabling other cybercriminals to launch independent attacks. \"Smishing Triad\" has expanded its operations to target UAE citizens, using geo-filtering to focus on victims in the Emirates.",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://www.resecurity.com/blog/article/Smishing-Triad-Impersonates-Emirates-Post-Target-UAE-Citizens"
+        ]
+      },
+      "uuid": "85db04b5-1ec2-4e25-908a-f53576bd175a",
+      "value": "Smishing Triad"
     }
   ],
   "version": 305