Serviceteam IT Security News

Security researchers have discovered close links between a digital skimming group, Dridex phishing campaigns and the notorious Carbanak malware.

Malwarebytes researchers Jérôme Segura, William Tsing, and Adam Thomas examined WHOIS data prior to GDPR taking effect to uncover those behind Magecart Group 5, they revealed in a new blog post.

Unlike many others using the notorious skimming code, the group usually attacks supply chain organizations with the hope of infecting many more websites and their customers.

Although it usually registers domains to support its activity using privacy protection services, the group appears to have made a mistake when it registered informaer.info with Chinese bulletproof hoster BIZCN/CNOBIN.

The researchers’ digging revealed the name “Guo Tang,” a Beijing-based address and phone number, and a Yahoo.com email address.

The latter has been used to register multiple domains used in phishing campaigns designed to deliver notorious banking trojan Dridex, including an efax attack on German users, and others spoofing the OnePosting and Xero brands, Malwarebytes revealed.

They also cited research by the Swiss CERT which claimed Dridex has in the past been used to deliver the Carbanak info-stealing malware.

The phone number from Magecart Group 5’s registrant information has also been linked to the Carbanak group, a cybercrime operation thought to have stolen hundreds of millions of dollars from global banks.
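The attribution chain above rests on a single technique: pivoting on registrant fields (an email address, a phone number) that recur across WHOIS records, while ignoring values that belong to a privacy-protection service and so link nothing. The following script is an added illustration of that pivot, written for this page; it is not Malwarebytes' tooling or code from the article, and every domain, email address and phone number in it is a constructed placeholder. It indexes a small set of records by registrant email and phone, discards proxy or redacted values, and merges domains that share any usable value into infrastructure clusters of the kind a defender would feed into a blocklist or a hunting query.

```python
"""Cluster domains by shared, non-privacy WHOIS registrant values.

Added example for this page. All records below are constructed; the domains,
email addresses and phone numbers are placeholders, not real registrations.
"""
from collections import defaultdict

# Substrings that mark a registrant value as a privacy/proxy service or a
# redaction rather than a real identity. A value matching one of these is
# shared by thousands of unrelated domains and must never be used as a pivot.
PRIVACY_MARKERS = ("privacy", "whoisguard", "redacted", "proxy", "protected")

# Constructed sample records (hypothetical values).
WHOIS_RECORDS = [
    {"domain": "skimmer-cdn.example",    "email": "reg1@example.test",
     "phone": "+86.1000000001"},
    {"domain": "efax-notice.example",    "email": "reg1@example.test",
     "phone": "+86.1000000002"},
    {"domain": "invoice-portal.example", "email": "privacy@whoisguard.test",
     "phone": "REDACTED FOR PRIVACY"},
    {"domain": "bank-support.example",   "email": "other@example.test",
     "phone": "+86.1000000002"},
    {"domain": "unrelated-shop.example", "email": "shop@example.test",
     "phone": "+1.5550000000"},
]


def is_pivotable(value: str) -> bool:
    """True only for a non-empty value that is not a privacy/proxy placeholder."""
    v = value.strip().lower()
    if not v:
        return False
    return not any(marker in v for marker in PRIVACY_MARKERS)


def shared_pivots(records, fields=("email", "phone")):
    """Map (field, value) -> sorted domains, keeping only values seen on 2+ domains."""
    index = defaultdict(set)
    for rec in records:
        for field in fields:
            value = rec.get(field, "")
            if is_pivotable(value):
                index[(field, value.strip().lower())].add(rec["domain"])
    return {key: sorted(domains) for key, domains in index.items() if len(domains) >= 2}


def cluster_domains(records, fields=("email", "phone")):
    """Union-find over domains: any shared pivot value joins two domains.

    Returns a sorted list of sorted clusters. Domains whose registrant data is
    entirely privacy-protected end up alone, which is the honest answer: a
    proxy email proves nothing about who stands behind the domain.
    """
    parent = {rec["domain"]: rec["domain"] for rec in records}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[rb] = ra

    for domains in shared_pivots(records, fields).values():
        for other in domains[1:]:
            union(domains[0], other)

    groups = defaultdict(list)
    for domain in parent:
        groups[find(domain)].append(domain)
    return sorted(sorted(group) for group in groups.values())


if __name__ == "__main__":
    for key, domains in shared_pivots(WHOIS_RECORDS).items():
        print(f"pivot {key[0]}={key[1]!r} links {domains}")
    for cluster in cluster_domains(WHOIS_RECORDS):
        print("cluster:", cluster)
```

With the constructed records, two domains share a registrant email and a different pair share a phone number, so the three chain into one cluster even though no single field ties all of them together; the privacy-protected domain stays isolated because neither of its values is a usable pivot. On real data the same filter is what keeps a proxy service's contact address from collapsing the whole dataset into one meaningless blob.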

“Victimology helps us to get a better idea of the threat actor behind attacks. For instance, we see many compromises that affect a small subset of merchants that are probably tied to less sophisticated criminals, often using a simple skimmer or a kit,” concluded Malwarebytes.

“In contrast, we believe that the bigger breaches that reel in a much larger prize are conducted by advanced threat groups with previous experience in the field and with well-established ties within the criminal underground.”

Source: Infosecurity Magazine
