In late May 2024, Unit 42 researchers observed an adversary compromising multiple web servers to gain access to the environment of a multinational organization headquartered in North America.
Based on overlaps in adversary infrastructure and tools, as well as tactics, techniques and procedures (TTPs), it’s possible to attribute the activity identified to the same threat actor behind the Silent Skimmer campaign. In September 2023, an online payment scraping campaign was uncovered and dubbed Silent Skimmer. Since then, there has been little to no news of Silent Skimmer – until now.
Read more…
Source: Palo Alto Unit 42
Related:
- Europe’s leading solar power grid is ‘vulnerable’ to hackers
August 21, 2024
A recent study by a cybersecurity firm confirmed that the Dutch solar energy grid is vulnerable to multiple types of attacks on its system. A new study by a cybersecurity firm confirmed that one of Europe’s largest solar energy grids is vulnerable to multiple types of attacks on its system. Over a six-month period, researchers with ...
- Security gaps leave local governments vulnerable to a variety of cyber threats
August 21, 2024
Cities and counties are beefing up their IT security, and that makes sense, says Augustine Boateng, interim chief information officer (CIO) in Memphis, Tenn. “It’s important to note that local governments have developed a reputation over the years for having lackluster cybersecurity; and not without good reason. As a result, we’re seeing more and more cyberattacks ...
- Microchip Technologies hit by cyberattack
August 21, 2024
Microchip said an ‘unauthorised party’ disrupted its systems and has impacted its ability to fulfill manufacturing orders. US chipmaker Microchip Technologies has been hit with a cyberattack, disrupting its systems and impacting its manufacturing capabilities. The company revealed the details in a filing with the Securities and Exchange Commission and said it detected “suspicious activity” on ...
- Toyota confirms customer and employee data stolen, says breach at third party to blame
August 21, 2024
Last week, a cybercriminal using the handle ZeroSevenGroup dumped 240GB of data on the infamous stolen data site BreachForums, that they said came from a hack on the US branch of car manufacturer Toyota. ZeroSevenGroup claims the dump includes customer and employee data. Toyota told BleepingComputer that a breach at a third party had led to the ...
- Selling Ransomware Breaches: 4 Trends Spotted on the RAMP Forum
August 20, 2024
The sale and purchase of unauthorized access to compromised enterprise networks has become a linchpin for cybercriminal operations, particularly in facilitating ransomware attacks. Underground forums are sharing guidelines on breaching networks and selling the access they obtain, leaving the exploitation to other malicious actors. On underground criminal forums, these transactions allow actors with complementary skills to ...
- BVI Electricity Corporation suffers cyber attack
August 20, 2024
The BVI Electricity Corporation (BVIEC) announced on Monday, August 19, that it had fallen victim to a cyberattack. The power company stated that the attack has impacted both their internal and external operations. While the full details of the cyberattack have not been disclosed, BVIEC has assured the public that they are working closely with experts ...