APT / THREAT GROUP

XinXin

🇨🇳 China-attributed
Campaigns: 1
Aliases: 3
Last seen: Mar 17, 2026

Intelligence Profile

XinXin is a Chinese-speaking threat actor known for its phishing-as-a-service platform, Lucid, which targets global organizations to steal credit card details and personally identifiable information through smishing campaigns. The group employs advanced techniques such as exploiting Rich Communication Services and Apple's iMessage protocol to bypass traditional SMS filters. XinXin also develops and utilizes other phishing kits like Lighthouse and Darcula, facilitating large-scale phishing operations with automated tools and evasion techniques. The group operates a structured hierarchy and monetizes stolen data while actively supporting the development of similar PhaaS services.

Threat Analysis

XinXin is a threat actor of known sophistication attributed to China and engaged in cyber operations; its primary motivation is unknown.

Known Campaigns

XinXin — Active Operations March 2026

XinXin is an unknown-motivation threat actor attributed to China. XinXin is a Chinese-speaking threat actor known for its phishing-as-a-service platform, Lucid, which targets global organizations to steal credit card details and personally identifiable information through smishing campaigns. The group employs advanced techniques such as exploit...

ACTIVE | MEDIUM | 2026

Quick Facts

Type: APT / Threat Group
Origin: 🇨🇳 China
Aliases: 3
Source: Malpedia

Also Known As

Black Technology, XinXin, changqixinyun

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.