In late May 2024, Unit 42 researchers observed an adversary compromising multiple web servers to gain access to the environment of a multinational organization headquartered in North America.
Based on overlaps in adversary infrastructure and tools, as well as tactics, techniques and procedures (TTPs), it’s possible to attribute the activity identified to the same threat actor behind the Silent Skimmer campaign. In September 2023, an online payment scraping campaign was uncovered and dubbed Silent Skimmer. Since then, there has been little to no news of Silent Skimmer – until now.
Read more…
Source: Palo Alto Unit 42
Related:
- Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
May 22, 2025
The possibility that data could be inadvertently exposed in a misconfigured or otherwise unsecured database is a longtime privacy nightmare that has been difficult to fully address. But the new discovery of a massive trove of 184 million records—including Apple, Facebook, and Google logins and credentials for accounts connected to multiple governments—underscores the risks of recklessly ...
- NSIS Abuse and sRDI Shellcode: Anatomy of the Winos 4.0 Campaign
May 22, 2025
The campaign was first spotted during a February 2025 MDR investigation. Since then, Rapid7 researchers have seen more samples using the same infection method—a multi-layered setup we call the Catena loader. Catena uses embedded shellcode and configuration switching logic to stage payloads like Winos v4.0 entirely in memory, evading traditional antivirus tools. Once installed, it quietly ...
- Europol and Microsoft disrupt world’s largest infostealer Lumma
May 21, 2025
Europol’s European Cybercrime Centre has worked with Microsoft to disrupt Lumma Stealer (“Lumma”), the world’s most significant infostealer threat. This joint operation targeted the sophisticated ecosystem that allowed criminals to exploit stolen information on a massive scale. Europol coordinated with law enforcement in Europe to ensure action was taken, leveraging intelligence provided by Microsoft. Between 16 ...
- Scattered Spider snared financial orgs before targeting shops in Britain, America
May 21, 2025
Scattered Spider snared financial services organizations in its web before its recent spate of retail attacks in the UK and US, according to Palo Alto Networks’ Unit 42. “We saw several instances in the financial services space, and now we’re starting to see instances in the retail-oriented, customer-facing space,” Unit 42 principal threat researcher Kristopher Russo ...
- KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS
May 20, 2025
KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable of launching crippling ...
- Major supermarket distributor to Tesco and Sainsbury’s ‘held to ransom’
May 20, 2025
A major distributor to Britain’s biggest supermarkets, including Tesco, Sainsbury’s and Aldi, is being held to ransom by cyber hackers following a string of assaults on UK retail in the last month. Peter Green Chilled said clients were “receiving regular updates” including “workarounds” on how to continue deliveries. No orders would be processed on Thursday, although any ...