In late May 2024, Unit 42 researchers observed an adversary compromising multiple web servers to gain access to the environment of a multinational organization headquartered in North America.
Based on overlaps in adversary infrastructure and tools, as well as tactics, techniques and procedures (TTPs), it’s possible to attribute the activity identified to the same threat actor behind the Silent Skimmer campaign. In September 2023, an online payment scraping campaign was uncovered and dubbed Silent Skimmer. Since then, there has been little to no news of Silent Skimmer – until now.
Read more…
Source: Palo Alto Unit 42
Related:
- Oracle Cloud says it’s not true someone broke into its login servers and stole data
March 23, 2025
Oracle has straight up denied claims by a miscreant that its public cloud offering has been compromised and information stolen. A crook late last week advertised on an online cyber-crime forum what was alleged to be Oracle Cloud customer security keys and other sensitive data swiped from the IT giant. This material was said to have ...
- Russian zero-day seller is offering up to $4 million for Telegram exploits
March 21, 2025
Operation Zero, a company that acquires and sells zero-days exclusively to the Russian government and local Russian companies, announced on Thursday that it’s looking for exploits for the popular messaging app Telegram, and is willing to offer up to $4 million for them. The exploit broker is offering up to $500,000 for a “one-click” remote code ...
- Longtime FBI agent charged with disclosing classified records
March 20, 2025
A longtime FBI agent has been charged with unlawfully taking and disclosing classified FBI files, according to court records reviewed by CBS News. Johnathan Buma, who specialized in national security and terror cases, has been released on $100,000 bond, with orders to appear in court in Los Angeles. Buma was arrested as he boarded an international ...
- A website mapped Tesla owners and their personal information amid a wave of attacks
March 20, 2025
Tesla owners confirmed on Wednesday that an online map decorated with an image of a Molotov cocktail includes accurate personal information about them, such as residential addresses, raising fears that activists opposed to billionaire Tesla CEO Elon Musk could target them for vandalism. The online map went live Monday, displaying the names, addresses and contact information ...
- Data breach at stalkerware SpyX affects close to 2 million, including thousands of Apple users
March 19, 2025
A consumer-grade spyware operation called SpyX was hit by a data breach last year, TechCrunch has learned. The breach reveals that SpyX and two other related mobile apps had records on almost 2 million people at the time of the breach, including thousands of Apple users. The data breach dates back to June 2024 but had ...
- Pennsylvania: Half a million teachers hit in major data breach
March 19, 2025
Even if you practice perfect cyber hygiene, you can still wake up to find yourself amid a major security crisis resulting from a data breach, and that’s exactly what happened to half a million teachers. As reported by The Record, over 500,000 teachers and other employees who work in education across Pennsylvania’s public schools had their ...