In late May 2024, Unit 42 researchers observed an adversary compromising multiple web servers to gain access to the environment of a multinational organization headquartered in North America.
Based on overlaps in adversary infrastructure and tools, as well as tactics, techniques and procedures (TTPs), it’s possible to attribute the activity identified to the same threat actor behind the Silent Skimmer campaign. In September 2023, an online payment scraping campaign was uncovered and dubbed Silent Skimmer. Since then, there has been little to no news of Silent Skimmer – until now.
Read more…
Source: Palo Alto Unit 42
Related:
- Critical Zero-day Vulnerabilities in VMware ESXi, Workstation, and Fusion
March 4, 2025
Broadcom has addressed three exploited vulnerabilities that, when chained, can allow an attacker to access the hypervisor through a running virtual machine. VMware’s official advisory does not include all affected product versions. VMware’s official advisory VMSA-2025-0004 includes a Response Matrix detailing the fixed releases for each product. VMware have also released an FAQ detailing the following: You are ...
- Israel: IDF to impose social media restrictions after probe revealed posts assisted Hamas
March 4, 2025
The IDF is working to impose restrictions on soldiers and officials regarding their activity on social media, following the IDF probe published on Monday which showed markers left by IDF soldiers on social media granted Hamas a complete breakdown of nearly every unit, sub-unit, and building within the Nahal Oz IDF base when it invaded ...
- YouTube cracks down on gambling videos trying to lure viewers to unapproved sites
March 4, 2025
YouTube is cracking down on content related to gambling as sports betting and other online prediction markets have taken off in the United States. The platform announced Tuesday it will no longer allow content that directs users to “unapproved” gambling websites through links, images, text, logos or verbal references. YouTube defines unapproved gambling sites as those ...
- Threat Actor Delivers Highly Targeted Multistage Polyglot Malware
March 4, 2025
In fall 2024, UNK_CraftyCamel leveraged a compromised Indian electronics company to target fewer than five organizations in the United Arab Emirates with a malicious ZIP file that leveraged multiple polyglot files to eventually install a custom Go backdoor dubbed Sosano. Proofpoint uses the UNK_ designator to define clusters of activity that are still developing and have ...
- Polish space agency says it’s investigating a cyberattack
March 4, 2025
Poland’s space agency (POLSA) says it is working to restore services following a cybersecurity incident. POLSA, the Polish government agency responsible for the country’s space activities, said in a post on X that it had “immediately disconnected” its network from the internet after detecting the cyberattack on Sunday. POLSA’s website remains offline at the time of ...
- Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal
March 3, 2025
The Trend Micro Managed XDR and Incident Response (IR) teams recently analyzed incidents where threat actors deploying Black Basta and Cactus ransomware used the same BackConnect malware to strengthen their foothold on compromised machines. The BackConnect malware is a tool that cybercriminals use to establish and maintain persistent control over compromised systems. Once infiltrated, it grants ...