
North Korean hackers are skimming US and European shoppers

2020-07-06, Sansec
https://sansec.io/research/north-korea-magecart
#Magecart

Contents

North Korean state-sponsored hackers are implicated in the interception of online payments from American and European shoppers, Sansec research shows. Hackers associated with the APT Lazarus/HIDDEN COBRA[1] group were found to be breaking into online stores of large US retailers and planting payment skimmers as early as May 2019.

Previously, North Korean hacking activity was mostly restricted to banks and South Korean crypto markets[2], covert cyber operations that earned hackers $2 billion, according to a 2019 United Nations report[3]. As Sansec's new research shows, they have now extended their portfolio with the profitable crime of digital skimming.

Sansec researchers have attributed the activity to HIDDEN COBRA because infrastructure from previous operations was reused. Furthermore, distinctive patterns in the malware code were identified that linked multiple hacks to the same actor.

HIDDEN COBRA & digital skimming

Digital skimming, also known as Magecart[4], is the interception of credit cards during online store purchases. This type …

IoC
