BlackBerry reports on Silent Skimmer - malicious code that empties wallets

CarderPlanet

Chinese hackers are already well advanced in the field of payment data theft.

Researchers from the BlackBerry company recently identified a malicious operation aimed at online businesses and service providers with payment through payment terminals (PoS). The activity is being tracked under the name "Silent Skimmer" and is linked to Chinese-speaking cybercriminals.

"Attackers exploit vulnerabilities in web applications, especially those hosted on Internet Information Services (IIS)," the Canadian company reports. The purpose of the attack is to compromise the payment page and steal users' payment data.

After a successful intrusion into the target systems, hackers use various tools to increase privileges, then exploit and execute the code. This chain of attacks usually results in the deployment of a PowerShell remote access Trojan that monitors the host and communicates with the remote server.

The main purpose of the intrusion, as indicated by BlackBerry, is to break into the web server and install a scraper in the payment verification service through a web shell in order to secretly intercept and store all financial information entered by victims.

Analysis of the attackers' infrastructure showed that virtual private servers (VPS) used for management and control (C2) purposes are selected by attackers based on the geolocation of victims. The diversity of target industries and regions indicates that the campaign is more random than targeted.

BlackBerry emphasizes: "Attackers mainly concentrate on regional sites that collect payment data, using vulnerabilities in widely used technologies to gain unauthorized access and extract confidential payment information entered or stored on the site."

It is noteworthy that BlackBerry specialists revealed the campaign shortly after their colleagues from Sophos described a similar malicious operation using the Pig Butchering method. In this scheme, potential victims were involved in investments using false cryptocurrency schemes, "fattening up with promises" of high returns and fast withdrawal of funds.

"These scams don't even require malware on the victim's device, just fake websites and social engineering," said Sean Gallagher, a Sophos security researcher.
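The post describes a skimmer being planted in the payment page through a web shell so that it quietly captures whatever the customer types. One defender-side control for exactly that failure mode is to keep a baseline of the scripts a payment page legitimately loads and alert when the served page contains anything else. The script below is an added example, not code from BlackBerry, Sophos or the original post: it fingerprints the external script URLs and the SHA-256 of each inline script block, then diffs a served copy of the page against the baseline. The two HTML pages, the `/static/checkout.js` path and the `cdn.example.invalid` host are constructed placeholders for illustration.

```python
"""Detect unexpected scripts on a payment page by diffing it against a known-good baseline.

Added example (not from the original post). Assumes you can obtain a trusted
baseline copy of the checkout page and periodically fetch the page as customers see it.
"""
import hashlib
from html.parser import HTMLParser


class ScriptCollector(HTMLParser):
    """Collect external script URLs and SHA-256 digests of inline script bodies."""

    def __init__(self):
        super().__init__()
        self.external = set()        # values of <script src="...">
        self.inline_hashes = set()   # sha256 of each inline <script> body
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.add(src.strip())
        else:
            # html.parser delivers script bodies via handle_data (CDATA mode)
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            body = "".join(self._buf).strip()
            if body:
                self.inline_hashes.add(hashlib.sha256(body.encode("utf-8")).hexdigest())


def fingerprint(html):
    """Return the set of external script URLs and inline script hashes found in html."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return {"external": parser.external, "inline": parser.inline_hashes}


def find_unexpected_scripts(baseline_html, current_html):
    """Report scripts present in the served page that are absent from the baseline."""
    base = fingerprint(baseline_html)
    cur = fingerprint(current_html)
    return {
        "new_external": sorted(cur["external"] - base["external"]),
        "new_inline_hashes": sorted(cur["inline"] - base["inline"]),
    }


# Constructed sample pages (placeholders, not real sites or skimmer code).
BASELINE_PAGE = """<html><body>
<form id="pay" action="/checkout/verify" method="post">
  <input name="card" type="text"><input name="cvv" type="text">
</form>
<script src="/static/checkout.js"></script>
<script>window.checkoutVersion = "1.0";</script>
</body></html>"""

# Same page with one extra external script and one extra inline block,
# which is the shape a page-level injection takes on the wire.
TAMPERED_PAGE = """<html><body>
<form id="pay" action="/checkout/verify" method="post">
  <input name="card" type="text"><input name="cvv" type="text">
</form>
<script src="/static/checkout.js"></script>
<script>window.checkoutVersion = "1.0";</script>
<script src="https://cdn.example.invalid/stats.js"></script>
<script>/* constructed: inline block not present in the baseline */ var t = 1;</script>
</body></html>"""


if __name__ == "__main__":
    report = find_unexpected_scripts(BASELINE_PAGE, TAMPERED_PAGE)
    for url in report["new_external"]:
        print("ALERT unexpected external script:", url)
    for digest in report["new_inline_hashes"]:
        print("ALERT unexpected inline script, sha256:", digest)
```

Run this from a vantage point outside the web server (the page as a customer receives it), since a web shell on the IIS host can alter what the server-side files report. It complements, rather than replaces, a Content Security Policy with Subresource Integrity on the checkout page and file-integrity monitoring of the IIS web root for newly written script files.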