Google Says Chinese ‘Lighthouse’ Phishing Kit Disrupted Following Lawsuit

The cybercriminals informed customers that their cloud server was shut down due to complaints. The post Google Says Chinese ‘Lighthouse’ Phishing Kit Disrupted Following Lawsuit appeared first on SecurityWeek.

Google says the Lighthouse phishing service has been disrupted after the company filed a lawsuit against the cybercrime group operating it.

The threat actor has been around since at least 2023 and it has been tracked as Smishing Triad because it specializes in large-scale SMS phishing (smishing) campaigns. The cybercriminals are believed to be based in China.

The lawsuit was announced by Google on Tuesday and on Thursday the internet giant told SecurityWeek that Lighthouse operations have been shut down.

The company has shared a screenshot of a Chinese-language message posted by the cybercriminals, saying that their “cloud server has been blocked due to malicious complaints”. However, the threat actor appears hopeful that it can restore the server.

“This shutdown of Lighthouse’s operations is a win for everyone,” Halimah DeLaine Prado, general counsel at Google, said in an emailed statement. “We will continue to hold malicious scammers accountable and protect consumers.” 

Smishing Triad’s services enable cybercriminals to send out smishing messages impersonating toll services, package delivery services, healthcare organizations, banks, online payment platforms, social media sites, and law enforcement.   

The Lighthouse phishing-as-a-service kit is used to distribute links to phishing sites designed to trick users into handing over their credentials, banking details, and other information. Google identified more than 100 phishing site templates impersonating its brand and services.  

Google said the phishing messages targeted more than one million users across over 120 countries, with an estimated 12 million to 115 million payment cards stolen in the US alone.

According to Palo Alto Networks, a recent Smishing Triad campaign involved more than 194,000 malicious domains.

Security firm Silent Push reported in April that Smishing Triad claimed to have more than 300 “front desk staff”, and noted that the cybercriminals had hosted most of their phishing sites on Tencent and Alibaba infrastructure.

The extent of the impact of Google’s lawsuit against Smishing Triad remains to be seen. Filing lawsuits against unnamed cybercriminals enables major tech companies such as Google and Microsoft to obtain court orders for seizing malicious domains. 

In addition, lawsuits allow the companies to subpoena ISPs, hosting providers, and registrars to obtain technical information related to the operation and the cybercriminals, which can ultimately lead to unmasking their true identities.
