PostalFurious gang exploits victims in UAE with an SMS campaign

June 6, 2023

A Chinese-based phishing group, PostalFurious, has been linked to a newly launched SMS campaign that began on April 15, 2023, targeting individuals in the UAE by posing as postal services and toll operators.

This campaign involves sending false text messages to recipients, urging them to pay a fee for a vehicle trip to avoid additional fines. The messages include a shortened URL to hide the actual phishing link. Upon clicking the link, unsuspecting victims are directed to a counterfeit landing page designed to gather their payment credentials and personal information.

According to security researchers, the URLs included in the deceptive text messages direct users to counterfeit payment pages that mimic the branding of legitimate postal service providers, where unsuspecting victims are prompted to disclose personal information.

 

More details about the PostalFurious gang remain limited.

The full extent of these attacks remains uncertain, but the messages were found to originate from phone numbers registered in Malaysia and Thailand, as well as from email addresses using the Apple iMessage service.

Furthermore, researchers noted that the phishing links have been geofenced, so the fraudulent pages can be accessed only from IP addresses based in the UAE. The threat actors have also regularly created new phishing domains to extend their reach, as observed through their daily domain registrations.
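A triage heuristic for the traits described above (foreign-number or email senders, shortened links, toll or postal payment lures), added here as an example and not taken from the article or the researchers it cites. The shortener list, keyword sets, threshold and sample messages are constructed assumptions, not indicators from the campaign.

```python
import re

# Illustrative values chosen for this example, not indicators from the article.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "cutt.ly"}
LURE_TERMS = {"toll", "vehicle", "trip", "parcel", "post", "postal", "delivery"}
PRESSURE_TERMS = {"pay", "fee", "fine", "fines", "penalty", "overdue", "unpaid"}
FOREIGN_PREFIXES = ("+60", "+66")  # Malaysia, Thailand: origins named in the article

URL_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?", re.I)
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[a-z]{2,}$", re.I)


def score_sms(sender: str, body: str) -> dict:
    """Return matched signals, link hosts and a total score for one message."""
    sender = sender.strip()
    words = set(re.findall(r"[a-z]+", body.lower()))
    hosts = {m.group(1).lower() for m in URL_RE.finditer(body)}
    signals = {
        "email_sender": bool(EMAIL_RE.match(sender)),      # iMessage-style sender
        "foreign_number": sender.startswith(FOREIGN_PREFIXES),
        "shortened_url": bool(hosts & SHORTENERS),
        "postal_or_toll_lure": bool(words & LURE_TERMS),
        "payment_pressure": bool(words & PRESSURE_TERMS),
    }
    return {"signals": signals, "score": sum(signals.values()), "hosts": sorted(hosts)}


def is_suspicious(sender: str, body: str, threshold: int = 3) -> bool:
    # The verdict never depends on fetching the link: the pages were geofenced
    # to UAE IP addresses, so a link that fails to load elsewhere proves nothing.
    return score_sms(sender, body)["score"] >= threshold


# Constructed sample messages (senders, text and links are made up).
SAMPLES = [
    ("+60123456789", "Your vehicle trip toll fee is unpaid. Pay now to avoid a fine: https://bit.ly/EXAMPLE"),
    ("billing@example.com", "Parcel held. Pay delivery fee: tinyurl.com/EXAMPLE"),
    ("+971500000000", "Your parcel is out for delivery today."),
    ("+971500000000", "Your OTP is 482913. Do not share it."),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        result = score_sms(sender, body)
        print(result["score"], is_suspicious(sender, body), sender, result["hosts"])
```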

A second, highly similar campaign was also identified on April 29, 2023, in which a UAE postal operator was imitated. This smishing activity signifies the expansion of the threat actor’s endeavours, which have targeted users in the Asia-Pacific region since at least 2021.

This development closely follows another phishing campaign, Operation Red Deer, which also uses a postal theme and specifically targets multiple Israeli organisations to distribute a remote access trojan named AsyncRAT. The responsibility for these attacks has been attributed to a threat actor identified as Aggah.

Individuals are advised to adopt cautious clicking habits concerning links and attachments, maintain updated software, and adhere to strong digital hygiene practices.

While specific details about the PostalFurious group’s composition, members, and origins may be limited, it is believed to be a Chinese-based group due to the attribution made by security researchers. Cybersecurity experts and organisations continuously monitor the activities of such groups to gather intelligence and mitigate their impact.
