Weekly Threat Briefing: Magecart Skimmers Found on Amazon CloudFront CDN

Weekly Threat Briefing: Magecart Skimmers Found on Amazon CloudFront CDN

June 11, 2019 | Anomali Labs

The intelligence in this week’s iteration discuss the following threats: Botnet, Data breach, Misconfigurations, Ransomware, Threat groups, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity.

Observed Threats

This section includes the top threats observed from the Anomali Community user base as well as sensors deployed by Anomali Labs. A ThreatStream account is required to view this section. Click here to request a trial.

OilRig
The Advanced Persistent Threat (APT) group “OilRig” is believed to be an Iranian-based group that has been active since at least 2014. OilRig conducts cyber espionage operations focused on reconnaissance that benefits Iranian nation-state interests. OilRig uses a mix of public and custom tools to primarily target entities located in the Middle East.
 
MageCart Timeline of Malicious Activity
MageCart is a particularly interesting threat group because of the sheer amount of sites, approximately 100,000, they have either compromised or successfully skimmed card credentials from since being first identified in 2015. The name MageCart refers to multiple groups, according to RiskIQ. It appears that MageCart is a collective term used to track payment information-stealing activity from at least 12 separate groups. Researchers also point out that Group 9 was interfering Group 3’s skimmer by manipulating the last credit or debit card number, which appears to indicate that MageCart is indeed an umbrella term used to track malicious activity. It may be difficult for individuals to determine separate groups because some of the groups use similar and common data-stealing methods, however, RiskIQ does note their methodology in their joint paper with Flashpoint on how they identify the different groups.[1]
 
 
Anomali Labs
About the Author

Anomali Labs

Get the latest threat intelligence news in your email.