In late May 2024, Unit 42 researchers observed an adversary compromising multiple web servers to gain access to the environment of a multinational organization headquartered in North America.
Based on overlaps in adversary infrastructure and tools, as well as tactics, techniques and procedures (TTPs), it’s possible to attribute the activity identified to the same threat actor behind the Silent Skimmer campaign. In September 2023, an online payment scraping campaign was uncovered and dubbed Silent Skimmer. Since then, there has been little to no news of Silent Skimmer – until now.
Read more…
Source: Palo Alto Unit 42
Related:
- Russian banking sector faced DDoS attack planned from abroad
July 24, 2024
The Russian banking sector was exposed to a DDoS attack planned from overseas, the VTB Bank press service told TASS. “The banking sector was exposed to the DDoS attack orchestrated from overseas. A minor share of VTB clients faced individual constraints in operations of bank apps due to the high load on the infrastructure of Internet ...
- Cyberattack closes Jefferson County Clerk’s Office, all motor vehicle branches
July 24, 2024
A cyber attack forced the Jefferson County Clerk’s Office to close its eight branches this week. The attack was first discovered at 2:24 a.m. Monday, said Ashley Tinius, a spokesperson for the office. The office has been working with a private cybersecurity firm and law enforcement to investigate the attack and repair its system, Tinius said. ...
- Telegram Zero-Day Let Hackers To Spread Malware Hidden in Videos
July 24, 2024
Cybersecurity researchers at ESET discovered a zero-day vulnerability that targeted the Telegram for Android app and sent malicious files disguised as videos through chats. The zero-day exploit, dubbed “EvilVideo,” allowed hackers to share Android payloads via Telegram channels, groups, and chats, and make them appear to be multimedia files. This exploit targeted only Android Telegram versions ...
- Stargazers Ghost Network
July 24, 2024
Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods. Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that ...
- Ransomware attack shuts down The Superior Court of Los Angeles County
July 22, 2024
The Superior Court of Los Angeles County will be closed on Monday as they continue to recover from a ransomware attack that happened last week. Because of this, all 36 courthouse locations across LA County will be closed to start the week as work continues on the repair and reboot of network systems that were shut ...
- Cybercriminals quickly exploit CrowdStrike chaos
July 20, 2024
Who loves a global outage? Phishers, fraudsters and all manner of creeps Criminals didn’t waste any time taking advantage of the CrowdStrike-Microsoft chaos and quickly got to work phishing organizations and spinning up malicious domains purporting to be fixes.… Just hours after a faulty CrowdStrike file shut down Windows machines around the globe, reports surfaced of ...