28 January 2020

3 Indonesian hackers behind hundreds of Magecart-style attacks arrested


The Indonesian police revealed the details of a coordinated Interpol anti-skimming campaign dubbed ‘Operation Night Fury’ that resulted in the arrest of three Indonesian hackers allegedly responsible for a slew of Magecart-like attacks aimed at stealing payment card data. The investigation was conducted with support from European and US cyberteams.

The suspects were arrested last December in Jakarta and Yogyakarta and charged with data theft, fraud, and unauthorized access to computer systems. The hackers face up to 10 years in prison under article 363 of the Indonesian Criminal Code.

As with other Magecart attacks, the hackers compromised websites and injected JS sniffers in order to steal users’ payment card info. According to authorities, the suspects used the stolen data to buy electronic goods and other luxury items and tried to resell them at a relatively cheap price or below the market price.

The Indonesian police reported that this group has compromised at least 12 (mostly European) e-commerce websites, but, according to cybersecurity firm Sanguine Security, which has been tracking the group’s activity for several years, the trio is behind the credit card theft at more than 571 online stores.

The attribution of these attacks is based on a strange message found in all of the skimming code.

“‘Success gan !’ translates to ‘Success bro’ in Indonesian and has been present for years on all of their skimming infrastructure”, the researchers said.

The experts said they have observed similar attacks linked to the same online infrastructure even after the arrests, suggesting that there are more members of this group who are still at large.

“We found 27 stores that are still being skimmed using the same code. Several exfiltration servers are still actively collecting intercepted payments, notably the brazen magecart.net domain,” the firm said.
