Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Year-Long Web-Skimming by Silent Skimmer

September 21, 2023
Reading Time: 2 mins read
in Alerts

A financially motivated threat actor, known as Silent Skimmer, has been identified as the mastermind behind a sophisticated web-skimming campaign that has persisted for more than a year. This campaign primarily targets payment firms and users in the APAC (Asia-Pacific) and NALA (North America and Latin America) regions, with a focus on extracting sensitive financial data.

Silent Skimmer employs a range of tactics, including exploiting internet-facing applications, deploying various tools to gain access and execute code remotely, and exploiting a .NET deserialization vulnerability (CVE-2019-18935) in Progress Telerik UI for ASAP.NET AJAX. This allows them to initiate a sequence of actions that deploy a suite of tools on compromised websites, ultimately culminating in the exfiltration of user information, including billing and credit card details, using Cloudflare.

The identity of the threat actor remains concealed, but researchers suspect a Chinese hacker group’s involvement based on evidence such as a GitHub repository used in the campaign and the presence of Chinese code in PowerShell RAT.

Furthermore, the attacker’s command-and-control (C2) server is located in Asia, indicating their geographic origin or operation base. Although initially targeting the APAC region, Silent Skimmer expanded its reach to include Canada and the U.S. in October 2022, suggesting an intention to broaden its attacks into North America. The primary targets are online businesses and point-of-sale (PoS) providers, particularly those utilizing web servers running ASP.NET and IIS.

The complexity of the operation suggests the involvement of an advanced or experienced threat actor. As this campaign continues to evolve and expand its geographical scope, organizations are advised to remain vigilant and stay informed about the infrastructure and exploitation tools employed by Silent Skimmer. Leveraging Indicators of Compromise (IOCs) provided by the BlackBerry Research & Intelligence Team can be instrumental in enhancing protection against this ongoing threat.

Reference:
  • Silent Skimmer: Online Payment Scraping Campaign Shifts Targets From APAC to NALA
Tags: APACAsia PacificCyber AlertCyber Alerts 2023CybersecurityFinancial dataLatin AmericaNALANorth AmericaSeptember 2023Silent SkimmerVulnerabilitiesweb skimmer
ADVERTISEMENT

Related Posts

Fake DocuSign Alerts Target Corporate Logins

Fake DocuSign Alerts Target Corporate Logins

May 28, 2025
Fake DocuSign Alerts Target Corporate Logins

Fake Bitdefender Site Spreads Venom Malware

May 28, 2025
Fake DocuSign Alerts Target Corporate Logins

Microsoft Void Blizzard Cyber Threat Alert

May 28, 2025
GhostSpy Android Malware Full Device Control

FBI Warns Luna Moth Targets US Law Firms

May 27, 2025
GhostSpy Android Malware Full Device Control

Winos 4.0 Malware Spread Via Fake Installers

May 27, 2025
GhostSpy Android Malware Full Device Control

GhostSpy Android Malware Full Device Control

May 27, 2025

Latest Alerts

Microsoft Void Blizzard Cyber Threat Alert

Fake DocuSign Alerts Target Corporate Logins

Fake Bitdefender Site Spreads Venom Malware

FBI Warns Luna Moth Targets US Law Firms

Winos 4.0 Malware Spread Via Fake Installers

GhostSpy Android Malware Full Device Control

Subscribe to our newsletter

    Latest Incidents

    Migos IG Hack Blackmails Solana Cofounder

    Tiffany & Co. Faces Data Breach Incident

    MathWorks Crippled by Ransomware Attack

    Everest Ransomware Leaks Coke Staff Data

    Adidas Data Breach Exposes Customer Contacts

    Semiconductor Firm AXT Hit by Data Breach

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial