In late May 2024, Unit 42 researchers observed an adversary compromising multiple web servers to gain access to the environment of a multinational organization headquartered in North America.
Based on overlaps in adversary infrastructure and tools, as well as tactics, techniques and procedures (TTPs), it’s possible to attribute the activity identified to the same threat actor behind the Silent Skimmer campaign. In September 2023, an online payment scraping campaign was uncovered and dubbed Silent Skimmer. Since then, there has been little to no news of Silent Skimmer – until now.
Read more…
Source: Palo Alto Unit 42
Related:
- Multiple Brother Devices: Multiple Vulnerabilities (FIXED)
June 25, 2025
Rapid7 conducted a zero-day research project into multifunction printers (MFP) from Brother Industries, Ltd. This research resulted in the discovery of 8 new vulnerabilities. Some or all of these vulnerabilities have been identified as affecting 689 models across Brother’s range of printer, scanner, and label maker devices. Additionally, 46 printer models from FUJIFILM Business Innovation, 5 ...
- U.S. House of Representatives bans WhatsApp from staff devices
June 24, 2025
The U.S. House of Representatives’ top official has banned WhatsApp from government-issued devices used by its staff, saying the app poses potential security risks, Reuters reported, citing a memo sent to House staff. “The Office of Cybersecurity has deemed WhatsApp a high risk to users due to the lack of transparency in how it protects user ...
- U.S. Department of Defense Employee Charged with Unlawful Retention of Classified Documents
June 24, 2025
A civilian employee of the U.S. Department of Defense (DoD) was arrested and made her initial court appearance yesterday to face charges of unauthorized removal and retention of classified documents. Ewa Maria Ciszak, 64, of Huntsville, Alabama, is charged with knowingly removing and retaining classified documents and materials. According to court documents unsealed today in the ...
- SparkKitty, SparkCat’s little brother: A new Trojan spy found in the App Store and Google Play
June 23, 2025
In January 2025, Kaspersky researchers uncovered the SparkCat spyware campaign, which was aimed at gaining access to victims’ crypto wallets. The threat actor distributed apps containing a malicious SDK/framework. This component would wait for a user to open a specific screen (typically a support chat), then request access to the device’s gallery. It would then use ...
- Chaos ransomware hits Optima Tax Relief, leaks 69GB of data
June 21, 2025
Cyberattacks on financial service providers are no longer isolated events. In recent years, tax preparation companies, accounting software vendors and data brokers have all found themselves in the crosshairs of increasingly aggressive ransomware gangs. These attacks don’t just disrupt operations but also expose deeply personal financial information that can fuel identity theft, fraud and long-term reputational ...
- Resurgence of the Prometei Botnet
June 20, 2025
In March 2025, Unit 42 researchers identified a wave of Prometei attacks. Prometei refers to both the botnet and the malware family used to operate it. This malware family, which includes both Linux and Windows variants, allows attackers to remotely control compromised systems for cryptocurrency mining (particularly Monero) and credential theft. This article focuses on the ...