Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 22, 2023
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]September 22, 2023Severity Medium Analysis Summary First discovered in 2016, Revenge RAT is a remote access trojan (RAT) designed to give an attacker complete control over an infected […]September 22, 2023Severity High Analysis Summary The Konni APT (Advanced Persistent Threat) group is a cyber espionage group that has been active since at least 2014. It is […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 22, 2023Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]September 22, 2023Severity Medium Analysis Summary First discovered in 2016, Revenge RAT is a remote access trojan (RAT) designed to give an attacker complete control over an infected […]September 22, 2023Severity High Analysis Summary The Konni APT (Advanced Persistent Threat) group is a cyber espionage group that has been active since at least 2014. It is […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – Latest AZORult Malware – IOC’s
July 6, 2020Rewterz Threat Alert – Taurus Stealer
July 6, 2020
Severity
High
Analysis Summary
Infamous North Korean hackers have set their sights on online stores after hacking banks and cryptocurrency exchanges, orchestrating ATM cash-outs, and deploying ransomware. The state sponsored hacking crews are breaking into online stores to insert malicious code that can steal buyers’ payment card details as they visit the checkout page and fill in payment forms. The attacks have been observed from May 2019 after an extensive report was published by SanSec.
These types of attacks are named “web skimming,” “e-skimming,” or “Magecart attack,” with the last name coming from the name of the first group who engaged in such tactics.
The goal of these attacks is for hackers to gain access to a web store’s backend server, associated resources, or third-party widgets, where they can install and run malicious code on the store’s frontend. The code loads only on the check out page, and silently logs payment card details as they’re entered into checkout forms. This data is then exfiltrated to a remote server, from where hackers collect it and sell it on underground cybercrime markets.
Pyongyang have been linked to cyber heists activities for a long period of time where they’ve targeted at banks all over the globe, have been involved in ATM heists and ATM cash-outs in different regions, and it is no longer surprising that they’ve turned their eyes to online stores for their financial gains after more sanctions were imposed on them by the US government recently. These attacks have historically gravitated towards any type of cybercrime that can generate a profit for the pyongyang regime.
Impact
- Gain access
- Financial loss
- Exposure of sensitive information
Remediation
Keep websites patched against exploitable vulnerabilities.