USPS Anchors Snowballing Smishing Campaigns
Oct 3, 2023 • Dark Reading
Researchers found 164 domains connected to a single threat actor located in Tehran.
A cyber campaign by threat actors targeting the US Postal Service (USPS) using smishing and phishing tactics is cresting, with close to 200 different domains used as infrastructure for the attacks.
While tactics such as these are common in the cyber world, the volume of these campaigns has increased significantly in recent weeks. This prompted an investigation by DomainTools, which looked into the domain included at the end of one of the smishing messages and found that it was tied to a unique email address — mehdi.kh021@yahoo[.]com — that included a backslash, a feature tied to 71 other domains.
Another email with a similar naming convention — mehdi.k1989@yahoo[.]com, differing from the first address only in the five characters after the period — was tied to an additional 63 domains. Combining that tally with a further 30 domains found through an email missing a backslash, the researchers at DomainTools have found 164 domains at present being used in the campaign…