Hackers sponsored by the government of North Korea are reportedly stealing payment card data from customers of U.S. e-commerce retailers.
According to e-commerce security software provider Sansec, members of the Hidden Cobra hacking group, which the U.S. Department of Justice has publicly associated with the North Korean government, have been illegally placing payment skimmers into the e-commerce sites of several American retailers since at least May 2019.
The Sansec report says Hidden Cobra has hijacked a number of legitimate websites around the globe to help extract stolen card data from online retailers and then transmit it for eventual resale on the dark web. These include sites for a modeling agency in Milan, Italy; a music shop in Tehran, Iran; and a bookstore in Wayne, N.J.
Retailers affected by the Hidden Cobra hack reportedly include Claire’s, Focus Camera, and Paper Source. The hackers are also said to have created a fake Claire’s e-commerce site for the purpose of fraudulently collecting consumer payment card data.
“Digital skimming attacks are a lucrative source of revenue for hackers,” said Ameet Naik, security evangelist at Web security provider PerimeterX. “This series of attacks used a combination of lookalike domains and legitimate websites, all controlled by the attackers, as a means of exfiltrating the stolen data. The use of such techniques makes it difficult to prevent Magecart attacks using pre-configured policies alone. Businesses require real-time client-side application protection to stop malicious script activity on their websites, prevent data breaches and avoid their customer data from being used to fuel more cybercrime.”