Google has filed a lawsuit against a China-linked cybercriminal group known as the Smishing Triad, accusing it of operating a massive text-message phishing scheme that has targeted victims in more than 120 countries.
The complaint focuses on the group’s use of a phishing-as-a-service kit called “Lighthouse” to steal financial and identity data from mobile users.
First detailed in 2023 by Resecurity, a California-based cybersecurity company protecting Fortune 100 firms and governments worldwide, Smishing Triad’s activity affected consumers across Europe, the Middle East, Australia, Asia, and North America.
Resecurity found that the Triad ran its distribution network through Telegram and used templates impersonating UPS, USPS, the UK government, and multiple telecom operators.
The company reported that several successors of the Smishing Triad, including the Chinese threat groups Panda Shop and StupidFISH, later adopted the same tools and methods.
Espionage Implications Beyond Financial Crime
While the group presents itself as financially motivated, analysts say the scale of the stolen identity data carries far broader implications.
“Positioning it as a cybercrime provides such actors with plausible deniability that they are financially driven, when in fact, that stolen data represents a significant interest for China,” said Gene Yoo, CEO of Resecurity.
“The acquisition of identity and payment data in massive volumes is one of the hidden elements of espionage campaigns targeting mobile consumers.”
Google claims the group’s operations may have exposed between 12.7 million and 115 million credit cards in the United States alone.
The company urged Congress to pass new legislation aimed at curbing foreign cybercriminal activity conducted through US telecommunication networks.
Warnings about China-linked digital activity have grown louder in recent months. Australia’s intelligence chief Mike Burgess said Beijing-linked threat actors, including groups known as Salt Typhoon and Volt Typhoon, are stepping up operations targeting power, water, transport, and telecom infrastructure.
These groups have shown particular interest in call-detail records and other sensitive data that can reveal patterns of life and foreign-policy priorities.
Telecoms Struggle to Keep Up
Telecom operators continue to struggle with smishing campaigns delivered through channels like Apple iMessage and Android’s RCS platform, which are hard to filter when attackers use compromised legitimate accounts.
The International Telecommunication Union has published guidelines on SMS phishing, and the GSMA, a non-profit trade association that represents the interests of mobile network operators worldwide, has encouraged mobile operators to adopt filtering tools, but these measures remain unevenly implemented.
For now, Google’s lawsuit marks one of the most aggressive steps a major US tech company has taken against a smishing-as-a-service network operating largely beyond the reach of US law enforcement.









