Media and Entertainment

Magecart Uses Bullet-Proof Hosting Services for Stolen Card Details

16 - 23 July 2019

Magecart hackers have been exfiltrating stolen payment card details to servers

Magecart hackers have been exfiltrating stolen payment card details to servers located in the Ukrainian city of Luhansk, where an ongoing civil war between pro-European and pro-Russian forces is raging. The ongoing conflict ensures that Magecart’s Command & Control servers are immune to take-down as there is no functioning government for enforcement. The stolen data are subsequently processed and eventually sent to “exfiltration gates” where hackers will retrieve to sell them in underground marketplaces. 

 

References:

No Man’s Land: How a Magecart Group is Running a Web Skimming Operation from a War Zone

More Weekly Cyber Newsanalysis and insights

Ensign Consulting

Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.​

Ensign Systems Integration

Architecting and implementing cybersecurity solutions that bolster defences

Ensign Managed Security Services

Managing your security operations for advanced threat detection, continuous monitoring, and triage services

Ensign Labs

Performing deep research to analyse vulnerabilities, deploy advanced threat hunting and provide cyber threat intelligence