In late May 2024, Unit 42 researchers observed an adversary compromising multiple web servers to gain access to the environment of a multinational organization headquartered in North America.
Based on overlaps in adversary infrastructure and tools, as well as tactics, techniques and procedures (TTPs), it’s possible to attribute the activity identified to the same threat actor behind the Silent Skimmer campaign. In September 2023, an online payment scraping campaign was uncovered and dubbed Silent Skimmer. Since then, there has been little to no news of Silent Skimmer – until now.
Read more…
Source: Palo Alto Unit 42
Related:
- Russia: Aeroflot cancels dozens of flights after hacker attack paralyzes IT systems
July 28, 2025
Russia’s Aeroflot airline has cancelled 49 round-trip flights to and from Moscow due to an IT system failure, the air carrier reported. The press service of the Prosecutor General’s Office of Russia said that the airline’s information systems were brought down by a hacker attack. The carrier warned of adjustments to its flight schedule, including delays ...
- NASCAR confirms user data breach following Medusa ransomware attack
July 28, 2025
NASCAR has confirmed it suffered a cyberattack and a data breach in April 2025 which saw personal information of racing fans allegedly stolen. The organization filed data breach reports with attorneys general in multiple US states, describing what had happened, and how it responded, noting the attack started on March 31, 2025, and was spotted – ...
- In-Depth Analysis of an Obfuscated Web Shell Script
July 26, 2025
This analysis is a follow-up to the investigation titled ‘Intrusion into Middle East Critical National Infrastructure’, conducted by the FortiGuard Incident Response Team (FGIR), which investigated a long-term cyber intrusion targeting critical national infrastructure (CNI) in the Middle East. The report revealed that threat actors had installed numerous web shell servers on the compromised system. In ...
- Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack
July 26, 2025
U.S. insurance giant Allianz Life has confirmed to TechCrunch that hackers stole the personal information of the “majority” of its customers, financial professionals, and employees during a mid-July data breach. When reached by TechCrunch, Allianz Life spokesperson Brett Weinberg confirmed the breach. “On July 16, 2025, a malicious threat actor gained access to a third-party, cloud-based ...
- Dating safety app Tea breached, exposing 72,000 user images
July 26, 2025
Tea, an app that allows women to post anonymous comments about men they’ve supposedly dated, announced Friday that it has suffered a data breach, with hackers gaining access to 72,000 images. That number includes 13,000 selfies and photo IDs submitted for account verification, as well as 59,000 images from posts, comments, and direct messages, the company ...
- Muddled Libra Threat Assessment: Further-Reaching, Faster, More Impactful
July 25, 2025
Unit 42 has tracked and responded to several waves of intrusion operations conducted by the cybercrime group we track as Muddled Libra (aka Scattered Spider, UNC3944) across different sectors in recent months. This article contains observations on Muddled Libra thus far in 2025 based on Unit 42 incident response insights. Unit 42 researchers share defensive recommendations ...