Outsider Enterprise
Outsider Enterprise is an alleged China-based cybercrime network that Google says operates on Telegram and supplies phishing tools and infrastructure to other fraudsters. According to the provided reporting, Google sued the group, alleging it used AI tools, including Gemini, to help generate code for phishing websites and related scam infrastructure and to accelerate phishing content creation at scale. Google linked the operation to more than 9,000 fake or fraudulent websites and more than 1 million fraudulent or malicious URLs, and said it was associated with millions of scam text messages, including roughly 2.5 million messages sent during a two-week period in May. Android users reportedly flagged 55,000 spam texts tied to the operation in that same period. The phishing kits supported large-scale smishing campaigns and fake websites designed to steal passwords, login credentials, payment card data, and other sensitive information. Reported lures included fake package delivery alerts, banking notifications, and account security warnings, and the campaigns impersonated technology companies, mobile carriers, financial institutions, package delivery services, Google, and other trusted brands. Google said the operation affected hundreds of thousands of victims and caused losses in the millions of dollars. No additional aliases or sub-groups are identified in the provided content.
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Targeting
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Who they target
Sectors the actor has been observed targeting.
- Banks
- Software & Services
- Telecommunication Services
- Transportation
Where they're from
Attributed origin per open-source reporting.
- CN
Tradecraft
6 distinct techniques observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.
Recent activity
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A China-based cybercrime operation allegedly operating on Telegram, distributing phishing kits to other fraudsters, impersonating trusted brands including Google, and running large-scale SMS phishing campaigns that direct victims to fraudulent websites to steal credentials, payment card data, and other sensitive information.
China-based cybercrime network operating phishing and scam infrastructure at scale, including fake websites, fraudulent URLs, spam text campaigns, and phishing kits distributed via Telegram. The group used Gemini to help generate code for phishing websites and supported campaigns impersonating technology companies, mobile carriers, financial institutions, and package delivery services.
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.