Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Year-Long Web-Skimming by Silent Skimmer

September 21, 2023
Reading Time: 2 mins read
in Alerts

A financially motivated threat actor, known as Silent Skimmer, has been identified as the mastermind behind a sophisticated web-skimming campaign that has persisted for more than a year. This campaign primarily targets payment firms and users in the APAC (Asia-Pacific) and NALA (North America and Latin America) regions, with a focus on extracting sensitive financial data.

Silent Skimmer employs a range of tactics, including exploiting internet-facing applications, deploying various tools to gain access and execute code remotely, and exploiting a .NET deserialization vulnerability (CVE-2019-18935) in Progress Telerik UI for ASAP.NET AJAX. This allows them to initiate a sequence of actions that deploy a suite of tools on compromised websites, ultimately culminating in the exfiltration of user information, including billing and credit card details, using Cloudflare.

The identity of the threat actor remains concealed, but researchers suspect a Chinese hacker group’s involvement based on evidence such as a GitHub repository used in the campaign and the presence of Chinese code in PowerShell RAT.

Furthermore, the attacker’s command-and-control (C2) server is located in Asia, indicating their geographic origin or operation base. Although initially targeting the APAC region, Silent Skimmer expanded its reach to include Canada and the U.S. in October 2022, suggesting an intention to broaden its attacks into North America. The primary targets are online businesses and point-of-sale (PoS) providers, particularly those utilizing web servers running ASP.NET and IIS.

The complexity of the operation suggests the involvement of an advanced or experienced threat actor. As this campaign continues to evolve and expand its geographical scope, organizations are advised to remain vigilant and stay informed about the infrastructure and exploitation tools employed by Silent Skimmer. Leveraging Indicators of Compromise (IOCs) provided by the BlackBerry Research & Intelligence Team can be instrumental in enhancing protection against this ongoing threat.

Reference:
  • Silent Skimmer: Online Payment Scraping Campaign Shifts Targets From APAC to NALA
Tags: APACAsia PacificCyber AlertCyber Alerts 2023CybersecurityFinancial dataLatin AmericaNALANorth AmericaSeptember 2023Silent SkimmerVulnerabilitiesweb skimmer
ADVERTISEMENT

Related Posts

FreeDrain Phishing Steals Crypto Funds

FBI Warns Cybercriminals Exploit Routers

May 9, 2025
FreeDrain Phishing Steals Crypto Funds

X Scam Targets Crypto Users with Fake Ads

May 9, 2025
FreeDrain Phishing Steals Crypto Funds

FreeDrain Phishing Steals Crypto Funds

May 9, 2025
COLDRIVER Hackers Target Sensitive Data

COLDRIVER Hackers Target Sensitive Data

May 8, 2025
COLDRIVER Hackers Target Sensitive Data

Cisco Fixes Flaw in IOS Wireless Controller

May 8, 2025
COLDRIVER Hackers Target Sensitive Data

CoGUI Targets Consumer and Finance Brands

May 8, 2025

Latest Alerts

X Scam Targets Crypto Users with Fake Ads

FBI Warns Cybercriminals Exploit Routers

FreeDrain Phishing Steals Crypto Funds

CoGUI Targets Consumer and Finance Brands

COLDRIVER Hackers Target Sensitive Data

Cisco Fixes Flaw in IOS Wireless Controller

Subscribe to our newsletter

    Latest Incidents

    LockBit Ransomware Data Leaked After Hack

    Spanish Consumer Group Faces Cyberattack

    Education Giant Pearson Hit by Data Breach

    Masimo Cyberattack Disrupts Manufacturing

    Cyberattack Targets Tepotzotlán Facebook

    West Lothian Schools Hit by Ransomware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial