Cyber criminals with ties to North Korea are stealing US shoppers’ information

Cyber criminals with ties to North Korea are stealing US shoppers’ information by hacking into the checkout carts of dozens of large retailers including Claire’s

  • Security experts have uncovered a skimming attack on large US retailers
  • The team is pointing to the group Hidden Cobra, which has ties to North Korea
  • The hackers have been attacking these online stores since May 2019
  • They are putting a malicious script in the retailer’s checkout cart
  • When a customer inputs their credit card, the information is sent to the hacker  

Hackers with ties to North Korea are attacking large US retailers and stealing customers’ credit card information.

Security experts discovered the group ‘Hidden Cobra’ has been planting digital ‘skimmers’ on checkout pages for at least one year.

Also known as Lazarus, the hacking group was found to use malicious scripts such as web skimmers to copy sensitive payment information.

The cybercriminals are said to have accessed major retailers including the fashion chain Claire’s, as well as Paper Source and Focus Camera.

Figure: Victim stores are shown in green and Hidden Cobra-controlled exfiltration nodes in red.

DailyMail.com has reached out to the companies listed in the attack and has yet to receive a response. 

The attack was discovered by a team at Sansec, a firm in the Netherlands that searches for digital skimming operations.

‘Hackers associated with the APT Lazarus/HIDDEN COBRA group were found to be breaking into online stores of large US retailers and planting payment skimmers as early as May 2019,’ the team shared in an announcement Monday.

Sansec notes that it was able to pin the skimming on Hidden Cobra because the group reused technology from previous attacks.

The research team also found patterns in the malware code placed on checkout carts that matched those from other hacks linked to the cybercriminals.

Digital skimming, which is also known as a Magecart attack, has been a popular hacking method since 2015.

It was a go-to move for Russian and Indonesian groups, but is now spreading across the globe.

Sansec explains that Hidden Cobra was able to gain access to the store code of dozens of large US retailers, allowing it to place its malicious script on the checkout page – a complete list of the companies has yet to be released.

Once an unsuspecting customer inputs their information and credit card details, the script sends the data to a Hidden Cobra-controlled collection server.

However, these bad actors have also infiltrated smaller companies like a model agency in Italy and a family-owned bookstore in New Jersey.

‘To monetize the skimming operations, HIDDEN COBRA developed a global exfiltration network,’ wrote Sansec.

‘This network utilizes legitimate sites that got hijacked and repurposed to serve as disguise for the criminal activity.’

‘The network is also used to funnel the stolen assets so they can be sold on dark web markets.

‘Sansec has identified a number of these exfiltration nodes, which include a modeling agency from Milan, a vintage music store from Tehran and a family run book store from New Jersey.’