Anomali Cyber Watch: TURLA’s New Phishing-Based Reconnaissance Campaign in Eastern Europe, Unknown APT Group Has Targeted Russia Repeatedly Since Ukraine Invasion and More

The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Chromeloader, Goodwill, MageCart, Saitama, Turla and Yashma. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.



Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.



Trending Cyber News and Threat Intelligence




Credit Card Stealer Targets PsiGate Payment Gateway Software



(published: May 25, 2022)



Sucuri Researchers have detailed their findings on a MageCart skimmer that had been discovered within the Magento payment portal. Embedded within the core_config_data table of Magento’s database, the skimmer was obfuscated and encoded with CharCode. Once deobfuscated, a JavaScript credit card stealer was revealed. The stealer is able to acquire text and fields that are submitted to the payment page, including credit card numbers and expiry dates. Once stolen, a synchronous AJAX is used to exfiltrate the data.Analyst Comment: Harden endpoint security and utilize firewalls to block suspicious activity to help mitigate against skimmer injection. Monitor network traffic to identify anomalous behavior that may indicate C2 activity.MITRE ATT&CK: [MITRE ATT&CK] Exfiltration Over C2 Channel - T1041 | [MITRE ATT&CK] Data Encoding - T1132 | [MITRE ATT&CK] Input Capture - T1056Tags: MageCart, skimmer, JavaScript Magento, PsiGate, AJAX






Support the originator by clicking the read the rest link below.