In late May 2024, Unit 42 researchers observed an adversary compromising multiple web servers to gain access to the environment of a multinational organization headquartered in North America.
Based on overlaps in adversary infrastructure and tools, as well as tactics, techniques and procedures (TTPs), it’s possible to attribute the activity identified to the same threat actor behind the Silent Skimmer campaign. In September 2023, an online payment scraping campaign was uncovered and dubbed Silent Skimmer. Since then, there has been little to no news of Silent Skimmer – until now.
Read more…
Source: Palo Alto Unit 42
Related:
- Flaw in Verizon call record requests put millions of Americans at risk
April 4, 2025
Security researcher Evan Connelly discovered an enormous flaw affecting one of the largest telecommunications companies in the world that could allow any single person to view the recent incoming call log for potentially any Verizon phone number. A vulnerability in the Verizon Call Filter iOS app allowed anyone to request the call logs of millions of ...
- NSA warns “fast flux” threatens national security. What is fast flux anyway?
April 4, 2025
A technique that hostile nation-states and financially motivated ransomware groups are using to hide their operations poses a threat to critical infrastructure and national security, the National Security Agency has warned. The technique is known as fast flux. It allows decentralized networks operated by threat actors to hide their infrastructure and survive takedown attempts that would ...
- OH-MY-DC: OIDC Misconfigurations in CI/CD
April 4, 2025
This paper accompanies the presentation “Oh-My-DC,” delivered at DEF CON 32 in August 2024. This article assumes a basic familiarity with OAuth and CI/CD pipelines, including concepts like authorization grants, access tokens and the different stages of a CI/CD workflow. OIDC extends the OAuth protocol by adding a new token to the protocol, enabling applications to ...
- QR codes sent in attachments are the new favorite for phishers
April 3, 2025
Recently Malwarebytes Labs researchers have been seeing quite a few phishing campaigns using QR codes in email attachments. The lure and the targets are varied, but the use of a QR code to get someone to visit the phishing site is fast becoming a preferred method for cybercriminals. There are several reasons why cybercriminals might want ...
- Australian superannuation funds targeted in suspected cyber attacks
April 3, 2025
Multiple large superannuation funds have been targeted in suspected cyber attacks that led to some members losing several thousand dollars in retirements savings. Hostplus, Rest, AustralianSuper and Australian Retirement Trust are among the providers targeted. The attacks were discovered over the weekend, and follow rising reports of online security threats in Australia with a cyber ...
- RolandSkimmer: Silent Credit Card Thief Uncovered
April 2, 2025
Web-based credit card skimming remains a widespread and persistent threat, known for its ability to adapt and evolve over time. FortiGuard Labs recently observed a sophisticated campaign dubbed “RolandSkimmer,” named after the unique string “Rol@and4You” found embedded in its payload. This threat actor targets users in Bulgaria and represents a new wave of credit card skimming ...