ShadowTalk Update – 3.11.19
March 11, 2019
This week Jamie and Alex join Harrison to look at Fin6, who has begun regularly targeting card-not-present data on e-commerce websites. Other highlights from this week include Topps disclosing a data breach incident linked to Magecart, the Farseer malware, and more.
Highlights from the week include: Topps disclosed a data breach incident linked to “Magecart”, the new “Farseer” malware is probably linked to the Chinese state, and the United States Cyber Command (CYBERCOM) targeted Russian influence operations during the 2018 mid-term elections.
Fin6 Expands Scope to Infiltrate e-commerce
Financially motivated threat actor Fin6 has fully embraced the targeting of card-not-present (CNP) data related to e-commerce transactions, and used this tactic prominently during 2018. In this way Fin6 can gain additional resources to target a victim via multiple cyber attack vectors, thereby enhancing the success rate of their campaigns. The tactic highlights the various ways card-not-present data can be exploited by threat actors—from network intrusions to third-party supply chain attacks. Having expanded their offensive toolkit, Fin6 may choose to target new sectors, and they could also develop additional attack methodologies that further increase their chances of success. To mitigate, organizations with e-commerce platforms on their websites should take a holistic approach to cyber-security.
Topps discloses data breach linked to Magecart
Topps, a United States-based company that manufactures and sells sports collectibles, disclosed a data breach linked to the Magecart threat collective—specifically, the subgroup “Group 4”. The cyber-threat campaign affected customers who used the Topps website’s check-out function between 19 Nov 2018 and 09 Jan 2019. Magecart Group 4 reportedly injected a malicious script into the site’s check-out page, which could compromise payment data and other personal information of customers purchasing through the site during that seven-week period.
New Farseer malware may be aiding Chinese state interests
The new Microsoft Windows-based malware Farseer was identified targeting individuals with Myanmar-themed lures distributed in phishing campaigns. The malware has several similarities and technical overlaps with other malware, such as “HenBox”, which has previously been used to target ethnic minorities in China. The highly targeted nature of the Farseer attack campaign suggests that it is connected to Chinese government interests in the region and that it was likely used to target Burmese political figures.
US Cyber Command pre-empts Russian influence with pre-election attacks
The United States’ CYBERCOM reportedly targeted the networks of the Russia-based Internet Research Agency (IRA), one day before the 2018 United States mid-term elections. Three attacks allegedly aimed to disrupt the IRA’s ability to conduct online influence and disinformation campaigns. There are conflicting reports on the impact of these attacks, but the reports do confirm this first noted offensive action by CYBERCOM to confront Russian influence activities. Additional attacks aimed at disrupting Russian operations are almost certain to occur, particularly in the prelude to significant political events, such as elections.
For more details, read the full Weekly Intelligence Summary here:
To stay up to date with the latest in digital risk protection, subscribe to our threat intelligence emails here.