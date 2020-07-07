North Korean APTs enter Magecart web skimming market

By on
North Korean APTs enter Magecart web skimming market

HIDDEN COBRA attacks e-commerce sites.

Researchers believe North Korean state-sponsored threat actors have begun targeting e-commerce sites to skim or intercept shoppers' credit card details.

Security vendor Sansec said it had discovered links between recent skimming operations, and previously documented North Korean HIDDEN COBRA hacking attacks that the United States government has tracked and warned about in the past few years.

The attacks target vulnerable Adobe Magento e-commerce shopping cart installations, adding malicious scripts to the stores' checkout pages that capture customers' keystrokes when credit card details are entered.

Sansec said the HIDDEN COBRA skimming attacks used an Italian model agency and a vintage music store in Tehran, Iran, and a book shop in New Jersey, United States, and hijacked their legitimate sites for criminal activity.

The malicious scripts are obfuscated but descrambling the code and finding links to earlier North Korean hacking campaigns made Sansec believe that the skimming attacks were done by the HIDDEN COBRA group.

Several common malware domains featuring hijacked sites were found by Sansec, which suggested that HIDDEN COBRA is now actively moving beyond cryptocurrency theft and attacks on banks.

Sansec thinks the North Koreans have been engaged in what the security vendor says is large scale digital skimming activity since at least May last year, joining Russian and Indonesian hackers in their plundering campaigns.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
adobe hidden cobra lazarus magecart magento north korea security webskimming

Most Read Articles

Telstra sets $65 a month as minimum spend to get 5G access

Telstra sets $65 a month as minimum spend to get 5G access
Woolworths pays record $1m fine for spamming customers

Woolworths pays record $1m fine for spamming customers
Telstra gets two more years to upgrade or sell its residential fibre networks

Telstra gets two more years to upgrade or sell its residential fibre networks
ATO systems crash in tax time refund rush

ATO systems crash in tax time refund rush
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Get IT, finance and business on the same page
Get IT, finance and business on the same page
Why is DevSecOps important to your business?
Why is DevSecOps important to your business?
Architecting Hybrid IT & Edge for Digital Advantage
Architecting Hybrid IT & Edge for Digital Advantage
Organizations Increasing Their Adoption of NFV
Organizations Increasing Their Adoption of NFV
Modernise IT by Reducing Your Reliance on AD
Modernise IT by Reducing Your Reliance on AD

Events

Log In

Username / Email:
Password:
  |  Forgot your password?