In late May 2024, Unit 42 researchers observed an adversary compromising multiple web servers to gain access to the environment of a multinational organization headquartered in North America.
Based on overlaps in adversary infrastructure and tools, as well as tactics, techniques and procedures (TTPs), it’s possible to attribute the activity identified to the same threat actor behind the Silent Skimmer campaign. In September 2023, an online payment scraping campaign was uncovered and dubbed Silent Skimmer. Since then, there has been little to no news of Silent Skimmer – until now.
Read more…
Source: Palo Alto Unit 42
Related:
- Telecom giant Orange warns of disruption amid ongoing cyberattack
July 29, 2025
Orange, a French telecommunications giant and one of the largest phone providers in the world, announced on Monday that it was the victim of an unspecified cyberattack. In the announcement, the company said that it detected a cyberattack “on one of its information systems” on July 25, and that it proceeded to “isolate potentially affected services ...
- CVE-2025-53770 – Zero-day exploitation in the wild of Microsoft SharePoint servers
July 29, 2025
Microsoft released an advisory for CVE-2025-53770, a critical Remote Code Execution (RCE) vulnerability affecting on-premise SharePoint servers. This vulnerability has been exploited in the wild as a zero-day by an unknown threat actor prior to the disclosure from Microsoft. The vulnerability is described as an unauthenticated deserialization of untrusted data issue, and has a CVSS base ...
- Endgame Gear warns mouse config tool has been infected with malware
July 29, 2025
Gaming kit maker Endgame Gear has confirmed it was the victim of a supply chain attack which saw unidentified threat actors break into its website and replace a legitimate configuration tool with a trojanized version containing malware. In an announcement posted on the company’s website, it said on June 26 2025, someone managed to replace a ...
- Scattered Spider hackers are targeting US critical infrastructure via VMware attacks
July 28, 2025
The infamous ScatteredSpider ransomware group is using VMware instances to target critical infrastructure organizations in the US, researchers have warned. In the campaign, the hackers do not exploit any vulnerabilities, but instead go for “aggressive, creative, and particularly skilled” social engineering. They first reach out to their victim’s IT desk, impersonating an employee, and asking for ...
- Russia: Aeroflot cancels dozens of flights after hacker attack paralyzes IT systems
July 28, 2025
Russia’s Aeroflot airline has cancelled 49 round-trip flights to and from Moscow due to an IT system failure, the air carrier reported. The press service of the Prosecutor General’s Office of Russia said that the airline’s information systems were brought down by a hacker attack. The carrier warned of adjustments to its flight schedule, including delays ...
- NASCAR confirms user data breach following Medusa ransomware attack
July 28, 2025
NASCAR has confirmed it suffered a cyberattack and a data breach in April 2025 which saw personal information of racing fans allegedly stolen. The organization filed data breach reports with attorneys general in multiple US states, describing what had happened, and how it responded, noting the attack started on March 31, 2025, and was spotted – ...