In late May 2024, Unit 42 researchers observed an adversary compromising multiple web servers to gain access to the environment of a multinational organization headquartered in North America.
Based on overlaps in adversary infrastructure and tools, as well as tactics, techniques and procedures (TTPs), it’s possible to attribute the activity identified to the same threat actor behind the Silent Skimmer campaign. In September 2023, an online payment scraping campaign was uncovered and dubbed Silent Skimmer. Since then, there has been little to no news of Silent Skimmer – until now.
Read more…
Source: Palo Alto Unit 42
Related:
- Critical Veeam Backup & Replication CVE-2025-23120
March 19, 2025
On Wednesday, March 19, 2025, backup and recovery software provider Veeam published a security advisory for a critical remote code execution vulnerability tracked as CVE-2025-23120. The vulnerability affects Backup & Replication systems that are domain joined. Veeam explicitly mentions that domain-joined backup servers are against security and compliance best practices, but in reality, we believe this ...
- Cyber Group Disrupts Communication Networks of Iranian Oil Fleet
March 19, 2025
A hacker group has disrupted the communication networks of ships belonging to two major Iranian shipping companies sanctioned by the US. The group, called Lab Dookhtegan or “Read My Lips”, said it has disrupted the communication networks of 116 ships and therefore, severed the ships’ connections to each other, their ports, and external communication channels, according ...
- Arcane stealer: We want all your data
March 19, 2025
At the end of 2024, Kaspersky researchers discovered a new stealer distributed via YouTube videos promoting game cheats. What’s intriguing about this malware is how much it collects. It grabs account information from VPN and gaming clients, and all kinds of network utilities like ngrok, Playit, Cyberduck, FileZilla and DynDNS. The stealer was named Arcane, not ...
- Fake BianLian Ransomware Letters in Circulation
March 19, 2025
On March 5, the FBI issued an alert regarding a mail scam targeting U.S. business executives with extortion. The letters claim to be from noted ransomware group BianLian, demanding a payment in Bitcoin ranging from $250,000 to $500,000 within ten days of receipt. The FBI alert reads as follows: “Stamped “Time Sensitive Read Immediately”, the letter ...
- ZDI-CAN-25373: Windows shortcut exploit abused as Zero-Day in widespread APT campaigns
March 18, 2025
The Trend Zero Day Initiative threat hunting team identified significant instances of the exploitation of ZDI-CAN-25373 across a variety of campaigns dating back to 2017. The researchers analysis revealed that 11 state-sponsored groups from North Korea, Iran, Russia, and China have employed ZDI-CAN-25373 in operations primarily motivated by cyber espionage and data theft. Trend Micro discovered ...
- Critical Security Incident involving GitHub Action tj-action/changed-files
March 17, 2025
A critical security incident involving the tj-actions/changed-files GitHub Action has been reported. The changed-files action, which allows GitHub repositories to track file changes, has been tampered with to allow the exposure through GitHub Actions build logs of CI/CD secrets, including passwords, tokens, API keys, PII and other sensitive data that have been embedded within software code. ...