
Rewterz Threat Alert – Web Skimming (Magecart) Attacks by North Korean Hackers

July 6, 2020

Severity

High

Analysis Summary

Infamous North Korean hackers have set their sights on online stores after hacking banks and cryptocurrency exchanges, orchestrating ATM cash-outs, and deploying ransomware. The state-sponsored hacking crews are breaking into online stores to insert malicious code that steals buyers’ payment card details as they visit the checkout page and fill in payment forms. The attacks have been observed since May 2019, according to an extensive report published by SanSec.

These types of attacks are known as “web skimming,” “e-skimming,” or “Magecart attacks,” the last term coming from the name of the first group known to engage in such tactics.

The goal of these attacks is for hackers to gain access to a web store’s backend server, associated resources, or third-party widgets, from which they can install and run malicious code on the store’s frontend. The code loads only on the checkout page and silently logs payment card details as they are entered into checkout forms. This data is then exfiltrated to a remote server, from where the hackers collect it and sell it on underground cybercrime markets.


Pyongyang has been linked to cyber heists for a long time: its operators have targeted banks all over the globe and have been involved in ATM heists and ATM cash-outs in different regions, so it is no longer surprising that they have turned their eyes to online stores for financial gain after the US government recently imposed further sanctions. These actors have historically gravitated towards any type of cybercrime that can generate a profit for the Pyongyang regime.

Impact

  • Gain access
  • Financial loss
  • Exposure of sensitive information

Remediation

Keep websites patched against exploitable vulnerabilities.
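As a detection measure that complements patching, the following is an added example (not Rewterz’s tooling and not code from the advisory) of a script-inventory check for a checkout page: it records the external script URLs and the CSP-style hashes of inline scripts from a known-good snapshot and reports anything that has appeared on the live page since. The HTML, hostnames and the “unexpected” scripts are constructed stand-ins.

```python
import base64
import hashlib
import re
from urllib.parse import urlparse

SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.IGNORECASE | re.DOTALL)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']([^"']+)["']""", re.IGNORECASE)

# Constructed known-good snapshot of a checkout page (hypothetical hostnames).
GOLDEN_HTML = """<html><body>
<form id="payment"><input name="cc-number"><input name="cvv"></form>
<script src="https://cdn.example-store.test/checkout.js"></script>
<script>window.analytics = {page: "checkout"};</script>
</body></html>"""

# Constructed "live" copy: one extra external script and one extra inline
# script have appeared. Both are inert stand-ins, not skimmer code.
LIVE_HTML = GOLDEN_HTML.replace(
    "</body>",
    '<script src="https://static.example-cdn.test/jquery-ui.min.js"></script>\n'
    '<script>console.log("unexpected inline script");</script>\n</body>',
)

def csp_hash(inline_source: str) -> str:
    """CSP-style 'sha256-<base64>' digest of an inline script body (usable in script-src)."""
    digest = hashlib.sha256(inline_source.encode("utf-8")).digest()
    return "sha256-" + base64.b64encode(digest).decode("ascii")

def script_inventory(html: str) -> dict:
    """External script URLs plus hashes of inline script bodies found on a page."""
    external, inline = set(), set()
    for attrs, body in SCRIPT_RE.findall(html):
        src = SRC_RE.search(attrs)
        if src:
            external.add(src.group(1))
        elif body.strip():
            inline.add(csp_hash(body))
    return {"external": external, "inline": inline}

def unexpected_scripts(live_html: str, golden_html: str) -> dict:
    """Scripts on the live page that the golden snapshot does not contain."""
    live, golden = script_inventory(live_html), script_inventory(golden_html)
    new_external = sorted(live["external"] - golden["external"])
    return {
        "external": new_external,
        "external_hosts": sorted({urlparse(u).netloc for u in new_external}),
        "inline": sorted(live["inline"] - golden["inline"]),
    }
```

Static parsing misses scripts inserted at runtime, so pair this with a script-src Content Security Policy that reports violations, and run the comparison from a scheduled fetch of the live checkout page rather than once.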

COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.