BREAKING!! New SMS phishing campaign pretending to be from the United States Post Office being pushed out to cell phones today. So far the link in the SMS being used is this domain m9sxv[.]info. Here are a couple of sample texts we have collected. #infosec #malware #smish #osint
There is a fair amount of victim fingerprinting going on based on the device etc. Here m9sxv[.]info immediately redirects to a jtuzd.rdtk[.]io link. #infosec #malware #smish #osint #phishing
We got one link to go to a fake casino game but haven't fully investigated in a safe manner. Most of the time it appears to be looking for users that are logging into a Google account. I'm guessing to possibly steal credentials somehow. #infosec #malware #smish #osint #phishing
Here is a previous thread we did on SMS phishing campaigns ... or #smish as the kids are now calling them. They come in all flavors and some are very clever and compelling #osint #malware #infosec #phishing
Good additional info and yes malvertising is a huge problem. And given these links go through a series of redirects all looking for specific indicators of the victim ... so can be sent just about anywhere by the end of the chain.
Based on the comments in the thread below it looks like m5smz[.]info and m7smz[.]info have been previously used in the past few days. So it would appear they are rotating out the domains with slight variations every couple of days or so. #smish #infosec #osint
Since this USPS #smishing is getting more attention, including writeups in gizmodo.com/no-usps-spam-i… & tripwire.com just wanted 2b clear that we do not know whether there is any malware involved. It is likely credential harvesting, but that is also not confirmed #osint
With that said Gizmodo provides additional context around some replies we got talking about human trafficking, which on Tuesday made zero sense to us. Apparently, Q-anon cultists managed to turn this #smishing into a total tin-foil hat conspiracy. gizmodo.com/no-usps-spam-i…
Here is the Tripwire article by @DMBisson about the USPS #smishing campaign we highlighted on Tues. There are two Alibaba IP addresses so far involved in the public facing SMS that host over 900 4-5 character domains #smish #infosec #osint #phishing
Seems to be a very interesting coordinated effort that is very well funded and links to almost all of the House Democrats that have come out against Biden. Are these House Dems just really naive or are they all part of the scheme. 🔥🔥 I have a feeling this is going to blow up.
And I wasn't even talking about this .... the leaked Ted Cruz fund raisers a month or two back .... but wow why would Ted Cruz be meeting with a guy who is now helping to fund House Dem backstabbers? 🤔 You know this @RepAngieCraig
🔥🔥 Now that Sidney Powell has flipped on everyone else in the #BigLie (Michael Flynn as well possibly)… these prior details about David Hancock apparently having a phone recording between Donald Trump and Sidney Powell at Lin Wood’s Tomotley about the time General Flynn got his pardon from Trump … well 💥💥
@visionsurreal Outstanding article just out by @emptywheel that follows along this line of thinking that there may in fact be some damning evidence of a quid pro quo for the pardon Trump gave to Flynn while they were all at Lin Wood’s plantation in Georgia. emptywheel.net/2023/10/22/don…
I have become fascinated with one of the more obscure defendants that was named in the @faniforDA indictment that most prominently included Donald Trump and his efforts to reverse the Presidential outcome (his loss) in Georgia. The name is Rev. Stephen Lee and he is an ordained Missouri Synod Lutheran minister & a connection to NAR (New Apostolic Reformation). 1/9
Here is the relevant section of the @faniforDA indictment that discusses Rev. Stephen Lee's involvement and the relevant charges. Basically he traveled to Georgia to help with the efforts of overturning Trump's loss there after the 2020 election. Lee was indicted for attempting to coerce election worker Ruby Freeman into falsely admitting election fraud. 2/9
First it should be noted that the doctrine of the Missouri Synod Lutheran Church (LCMS) is very very different from that of the ELCA Lutheran church with LCMS being much more conservative and rigid. Anti-LGBTQ, anti-reproductive rights, forbids women being ministers and oddly states a position against Freemasonry etc. 3/9
There is a lot of talk that the new Qanon movie "Sound of Freedom" is being heavily astroturfed and this thread by @CyKoore sure seems to support that idea. Lots of talk that big blocks of tickets are being bought up by unknown dark money sources and lots of videos of empty… twitter.com/i/web/status/1…
In fact Angel Studios themselves crowd-sourced the purchase of tickets to the #SoundOfFeeedom movie that supposedly were then provided free of charge to patrons wanting to watch the movie. It would appear millions of tickets were procured in this manner both by Angel Studios and… twitter.com/i/web/status/1…
So is the supposed talk of box office success of #SoundOfFeeedom actually being astroturfed? It's difficult to empirically assess something like this but one way is to look at Google trends data and compare it to other movie openings. We found a few things of interest. One thing… https://t.co/KS6fPXmayk twitter.com/i/web/status/1…
This is looking more and more like a classic Kremlin hack and leak disinfo Op. Pretty clear with the fabricated Russian vs Ukrainian troop losses. We have found a couple pro-Kremlin accounts dispersing the documents on Twitter well before the NYTimes. Accounts involved in prior Kremlin #disinfo
Here is one pro-Kremlin troll account that has a clear past history of pushing out / boosting prior Kremlin disinformation operations. This account pushed out a portion of the leaked document hours before the New York Times article and promoted the part that was fabricated showing a significantly lower level of Russian troop losses than that of Ukrainian troop losses. Oddly levels lower than what even the Russian MoD has admitted to in the past. We redacted the sensitive parts of the screenshot of the original tweet.
Without having the original un-rendered image it's difficult to assess how it might have been photoshopped / manipulated but it does appear text insertions were made in the "Total Assessed Losses" section. See image 2. Because the documents appear to have been leaked as photos of the physical copies there are bends and warpage in the final image. This was not fully taken into account in the manipulated / fabricated image.
And here is possible confirmation. Before and after ... insertions and deletions in the numbers of troop losses and equipment losses. Since this was also posted by someone else anonymously still no way to vouch for authenticity but seems to align with what others are saying in private. Still not clear how these classified documents detailing secret U.S. and NATO plans for aiding Ukraine were leaked and how much of them are even real. #NATO leaks #activemeasures #InfoOp cc @Dragnet_News
So remember a few months back when @NickKnudsenUS and I believe @visionsurreal also before that brought this to our attention .... this crazy Watchman Decree pledge / NAR adjacent video? One part of it seemed especially odd? The part that pledged "we declare we will be energy… twitter.com/i/web/status/1…
This section in particular in Emma Brown's new @washingtonpost article talking about how Ginni Brown's CRC group was only ever on one amicus brief and it was with the "American Fuel and Petrochemical Manufacturers" group. Who here would be shocked to learn that we may soon find… twitter.com/i/web/status/1…
Here is the tweet from @NickKnudsenUS again that shows the full video. Please watch it. Note the part about the "seven mountains" ... something very integral to NAR ideology. And the reference to "wokeness" is no mistake. This is "Christofascism"