Silent Skimmer Gang Targets Online Payments and POS Suppliers

A financially motivated gang known as Silent Skimmer is targeting online payment infrastructure, including online retailers and Point of Sale (POS) suppliers.

The group is primarily active in the Asia-Pacific (APAC) region. The attacker exploits vulnerabilities in web servers to obtain initial access. The final payload then uses payment-scraping techniques to collect consumers’ private financial information from the compromised websites.

The BlackBerry Threat Research and Intelligence team has discovered that the threat actor is proficient in Chinese, is mostly active in the Asia-Pacific (APAC) region, and has a number of victims in North America.

The campaign operators target web applications, especially those hosted on Internet Information Services (IIS). Their primary objective is to compromise the payment checkout page and steal users’ sensitive financial information.

According to the information provided to Cyber Security News, “Once the attacker has obtained initial access to the web server, they deploy various tools and techniques, including open-source tools and Living Off the Land Binaries and Scripts (LOLBAS).”

Among the tools researchers say the gang uses are a port scanner and an exploit for CVE-2019-18935, a vulnerability previously exploited by the advanced persistent threat (APT) group HAFNIUM and the suspected Vietnamese crimeware actors XE Group.

Successful exploitation of CVE-2019-18935 can lead to remote code execution (RCE).

Reports specifically state that this campaign makes use of at least five privilege escalation tools, one remote code execution (RCE) exploit, one remote access tool, one downloader/stager, and one post-exploitation tool.

The payload launches a PowerShell script that acts as a remote access tool (RAT); it can gather system information, search for, download and upload files of interest, connect to a database, and perform other functions.
