Lazarus Group Adds Magecart to the Mix
The Lazarus Group, state-sponsored hackers affiliated with North Korea, has added digital payment-card skimming to its repertoire using Magecart code, researchers said.
The analysis found that Lazarus was likely planting Magecart payment skimmers on major online retailer sites as early as May 2019.
The researchers speculated that Lazarus is using spearphishing emails as its initial infection vector to compromise the sites - an effort ultimately aimed at obtaining the passwords of retail staff.
Researchers uncovered the ongoing campaign last summer, when the firm discovered a skimmer on a U.S. truck-parts store that used the compromised Italian modeling site to harvest payment data.
"Does the usage of common loader sites, and the similarity in time frame, prove that the DPRK-attributed operations are run by the same actor as the skimming operations?" the researchers said.