In late May 2024, Unit 42 researchers observed an adversary compromising multiple web servers to gain access to the environment of a multinational organization headquartered in North America.
Based on overlaps in adversary infrastructure and tools, as well as tactics, techniques and procedures (TTPs), it’s possible to attribute the activity identified to the same threat actor behind the Silent Skimmer campaign. In September 2023, an online payment scraping campaign was uncovered and dubbed Silent Skimmer. Since then, there has been little to no news of Silent Skimmer – until now.
Read more…
Source: Palo Alto Unit 42
Related:
- Roundcube Releases Security Updates for Webmail
June 4, 2025
Roundcube has released versions 1.6.11 and 1.5.10 for its Webmail product. The updated versions address a critical severity vulnerability in the Webmail product. CVE-2025-49113 has a CVSSv3 score of 9.9 and is a “deserialisation of untrusted data” vulnerability. An authenticated remote attacker could exploit this vulnerability to achieve remote code execution. Read more… Source: NHS Digital Sign up for ...
- #StopRansomware: Play Ransomware
June 4, 2025
This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware ...
- Hello, Operator? A Technical Analysis of Vishing Threats
June 4, 2025
Organizations are increasingly relying on diverse digital communication channels for essential business operations. The way employees interact with colleagues, access corporate resources, and especially, receive information technology (IT) support is often conducted through calls, chat platforms, and other remote technologies. While these various available methods enhance both efficiency and global accessibility, they also introduce an expanded ...
- Android chipmaker Qualcomm fixes three zero-days exploited by hackers
June 3, 2025
Chipmaker giant Qualcomm released patches on Monday fixing a series of vulnerabilities in dozens of chips, including three zero-days that the company said may be in use as part of hacking campaigns. Qualcomm cited Google’s Threat Analysis Group, or TAG, which investigates government-backed cyberattacks, saying the three flaws “may be under limited, targeted exploitation.” According to ...
- From Ideology to Financial Gain: Exploring the Convergence from Hacktivism to Cybercrime
June 3, 2025
In the ever-evolving landscape of cyber threat actors, the lines between ideologically driven hacktivism and financially motivated cybercriminals have become increasingly blurred. Originally fueled by political, social, or ethical causes, hacktivist groups have historically engaged in digital protest through website defacements, data leaks, and distributed denial of service (DDoS) attacks. However, in recent years, a noticeable ...
- Host-based logs, container-based threats: How to tell where an attack began
June 3, 2025
Although containers provide an isolated runtime environment for applications, this isolation is often overestimated. While containers encapsulate dependencies and ensure consistency, the fact that they share the host system’s kernel introduces security risks. Based on Kaspersky security researchers experience providing Compromise Assessment, SOC Consulting, and Incident Response services to Kaspersky customers, the researchers have repeatedly seen ...