Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Year-Long Web-Skimming by Silent Skimmer

September 21, 2023
Reading Time: 2 mins read
in Alerts

A financially motivated threat actor, known as Silent Skimmer, has been identified as the mastermind behind a sophisticated web-skimming campaign that has persisted for more than a year. This campaign primarily targets payment firms and users in the APAC (Asia-Pacific) and NALA (North America and Latin America) regions, with a focus on extracting sensitive financial data.

Silent Skimmer employs a range of tactics, including exploiting internet-facing applications, deploying various tools to gain access and execute code remotely, and exploiting a .NET deserialization vulnerability (CVE-2019-18935) in Progress Telerik UI for ASAP.NET AJAX. This allows them to initiate a sequence of actions that deploy a suite of tools on compromised websites, ultimately culminating in the exfiltration of user information, including billing and credit card details, using Cloudflare.

The identity of the threat actor remains concealed, but researchers suspect a Chinese hacker group’s involvement based on evidence such as a GitHub repository used in the campaign and the presence of Chinese code in PowerShell RAT.

Furthermore, the attacker’s command-and-control (C2) server is located in Asia, indicating their geographic origin or operation base. Although initially targeting the APAC region, Silent Skimmer expanded its reach to include Canada and the U.S. in October 2022, suggesting an intention to broaden its attacks into North America. The primary targets are online businesses and point-of-sale (PoS) providers, particularly those utilizing web servers running ASP.NET and IIS.

The complexity of the operation suggests the involvement of an advanced or experienced threat actor. As this campaign continues to evolve and expand its geographical scope, organizations are advised to remain vigilant and stay informed about the infrastructure and exploitation tools employed by Silent Skimmer. Leveraging Indicators of Compromise (IOCs) provided by the BlackBerry Research & Intelligence Team can be instrumental in enhancing protection against this ongoing threat.

Reference:
  • Silent Skimmer: Online Payment Scraping Campaign Shifts Targets From APAC to NALA
Tags: APACAsia PacificCyber AlertCyber Alerts 2023CybersecurityFinancial dataLatin AmericaNALANorth AmericaSeptember 2023Silent SkimmerVulnerabilitiesweb skimmer
ADVERTISEMENT

Related Posts

BadIIS Malware Spreads Via SEO Poisoning

Hackers Target AWS and Steal Credentials

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

SonicWall SMA100 Update Removes Rootkit

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

BadIIS Malware Spreads Via SEO Poisoning

September 24, 2025
FBI Issues Warning on Spoofed IC3 Website

FBI Issues Warning on Spoofed IC3 Website

September 22, 2025
FBI Issues Warning on Spoofed IC3 Website

Infostealer Hits macOS Users Widely

September 22, 2025
FBI Issues Warning on Spoofed IC3 Website

SonicWall Warns Reset After Exposure

September 22, 2025

Latest Alerts

Hackers Target AWS and Steal Credentials

SonicWall SMA100 Update Removes Rootkit

BadIIS Malware Spreads Via SEO Poisoning

SonicWall Warns Reset After Exposure

Infostealer Hits macOS Users Widely

FBI Issues Warning on Spoofed IC3 Website

Subscribe to our newsletter

    Latest Incidents

    Boyd Gaming Reports Data Breach After Attack

    Morrisroe UK Company Hit By Cyber Attack

    GeoServer Flaw Breaches US Agency Network

    Steam Game Steals Streamer Donations

    Ransomware Gang Hacks Spartanburg County

    Cyberattack Hits Europe Airport Systems

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial