Online payment firms in North and Latin America and the Asia Pacific have been targeted for over a year by the Silent Skimmer campaign, which sought to exfiltrate sensitive payment data from checkout pages, The Hacker News reports.
Attributed to Chinese-speaking attackers, Silent Skimmer involved the exploitation of web app vulnerabilities, followed by the use of various living-off-the-land techniques and open-source tools for further compromise, according to a report from the BlackBerry Research and Intelligence Team. The threat actors then distributed a PowerShell-based remote access trojan aimed at compromising web servers and facilitating stealthy financial data theft from payment checkout pages. Researchers also found that the virtual private servers leveraged in the web skimmer campaign were dependent on victims' geolocation, in a bid to avoid detection.
"The attacker focuses predominantly on regional websites that collect payment data, taking advantage of vulnerabilities in commonly used technologies to gain unauthorized access and retrieve sensitive payment information entered into or stored on the site," said researchers.