Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Year-Long Web-Skimming by Silent Skimmer

September 21, 2023
Reading Time: 2 mins read
in Alerts

A financially motivated threat actor, known as Silent Skimmer, has been identified as the mastermind behind a sophisticated web-skimming campaign that has persisted for more than a year. This campaign primarily targets payment firms and users in the APAC (Asia-Pacific) and NALA (North America and Latin America) regions, with a focus on extracting sensitive financial data.

Silent Skimmer employs a range of tactics, including exploiting internet-facing applications, deploying various tools to gain access and execute code remotely, and exploiting a .NET deserialization vulnerability (CVE-2019-18935) in Progress Telerik UI for ASAP.NET AJAX. This allows them to initiate a sequence of actions that deploy a suite of tools on compromised websites, ultimately culminating in the exfiltration of user information, including billing and credit card details, using Cloudflare.

The identity of the threat actor remains concealed, but researchers suspect a Chinese hacker group’s involvement based on evidence such as a GitHub repository used in the campaign and the presence of Chinese code in PowerShell RAT.

Furthermore, the attacker’s command-and-control (C2) server is located in Asia, indicating their geographic origin or operation base. Although initially targeting the APAC region, Silent Skimmer expanded its reach to include Canada and the U.S. in October 2022, suggesting an intention to broaden its attacks into North America. The primary targets are online businesses and point-of-sale (PoS) providers, particularly those utilizing web servers running ASP.NET and IIS.

The complexity of the operation suggests the involvement of an advanced or experienced threat actor. As this campaign continues to evolve and expand its geographical scope, organizations are advised to remain vigilant and stay informed about the infrastructure and exploitation tools employed by Silent Skimmer. Leveraging Indicators of Compromise (IOCs) provided by the BlackBerry Research & Intelligence Team can be instrumental in enhancing protection against this ongoing threat.

Reference:
  • Silent Skimmer: Online Payment Scraping Campaign Shifts Targets From APAC to NALA
Tags: APACAsia PacificCyber AlertCyber Alerts 2023CybersecurityFinancial dataLatin AmericaNALANorth AmericaSeptember 2023Silent SkimmerVulnerabilitiesweb skimmer
ADVERTISEMENT

Related Posts

Russian APT28 Deploys Outlook Backdoor

SAP S4hana Exploited Vulnerability

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Virustotal Finds Undetected SVG Files

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Russian APT28 Deploys Outlook Backdoor

September 5, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Lazarus Hackers Exploit ZeroDay, Deploy Rats

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

CISA Flags TP Link Router Flaws

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

September 4, 2025

Latest Alerts

SAP S4hana Exploited Vulnerability

Virustotal Finds Undetected SVG Files

Russian APT28 Deploys Outlook Backdoor

CISA Flags TP Link Router Flaws

Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

Subscribe to our newsletter

    Latest Incidents

    North Korean Hackers Fake Interviews

    Bridgestone Confirms Cyberattack

    Cybersecurity Firms Hit By Breach

    Salesloft Drift Attacks Hits Vendors

    Jaguar Land Rover Hit By Cyber Incident

    Hackers Use Grok Ai To Spread Malware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial