North Korean hackers are skimming card details from online shoppers

midian182

Posts: 5,871   +48
Staff member
Why it matters: Hackers associated with the notorious North Korean Lazarus Group are breaking into online stores and stealing customers' card details when they visit the checkout page. The attacks, known as 'web skimming' or 'Magecart attacks' have been going on since May 2019 and have hit large retailers such as international fashion chain Claire's.

The attacks were reported by Dutch cyber-security firm SanSec (via ZDNet). It writes that the digital skimming technique has been growing since 2015, and while it was traditionally used by Russian- and Indonesian-speaking hacker groups, government-sponsored North Korean criminals are now intercepting credit card details from online stores.

The attacks involve gaining access to a web store's backend server, often achieved by using booby-trapped emails (spearphishing) sent to employees to obtain their passwords. The hackers infiltrated the site of accessory store Claire's in April and June.

Once a site is compromised, the malicious script loads on the checkout page, stealing credit card details as they're entered into the forms. Once the transaction is completed, the intercepted data is sent to a collection server controlled by the hacking group and sold on the dark web.

The group developed a global exfiltration network to monetize the skimming operations. This involved hijacking and repurposing legitimate sites to serve as disguises for the criminal activity and funnel stolen assets. A modeling agency from Milan, a vintage music store from Tehran, and a family-run book store from New Jersey were all part of the network.

Sansec researchers found links between the skimming activity and previous North Korean hacking operations. The evidence points to Hidden Cobra, aka the Lazarus Group, which was behind the 2014 Sony Pictures hack, the heist on a Bangladeshi bank in 2016, and is widely believed to have been responsible for the WannaCry malware.

Permalink to story.

 

Uncle Al

Posts: 7,217   +5,606
The Russians have apparently found a way to "shut off" their internet. It would seem that it should be possible for us to do the same against these rogue states .... wasn't that what the internet 2 was supposed to be all about?
 
  • Like
Reactions: Neels Minnaar

Eldritch

Posts: 228   +268
The Russians have apparently found a way to "shut off" their internet. It would seem that it should be possible for us to do the same against these rogue states .... wasn't that what the internet 2 was supposed to be all about?
Why would anyone shutoff net? Wouldn't it be easier to simply pass a law forcing ISPs and sites/cdn to reject connections from a particular country?

Granted, they will still be able to visit the sites through VPNs but launching attack will be almost impossible.
 
  • Like
Reactions: Neels Minnaar

QuantumPhysics

Posts: 3,059   +2,879
Cyberattacks are the most nefarious attacks. North Korea could have entire divisions of cybercriminals and you can't prosecute any of them. Same goes for Iran and every other country America is hostile with.
 
  • Like
Reactions: Neels Minnaar