Skip to main content

North Korea behind new Magecart attacks

(Image credit: Image source: Shutterstock/GlebStock)

North Korea has once again been accused of using its hackers to steal credit cards from major Western retailers. 

A report issued by Willem de Groot, a researcher from Sansec, has accused the notorious Lazarus (aka Hidden Cobra), the North Korean state-sponsored advanced persistent threat (APT) group of carrying out more attacks.

According to the report, over the past 12 months, the group has been using Magecart, a popular credit card skimming malware, against western retailers such as Claire's Accessories. de Groot notes that the group has been stealing credit card information, which can then be sold on the dark web for anywhere between $5 and $30.

Discussing how Lazarus managed to find its way into Claire's Accessories and the likes, de Groot believes it could be the result of a successful spear phishing attack against the company's employees, which allowed the group to place Magecart into the store's checkout page.

He managed to tie the activities back to North Korea because they used the same infrastructure that was already used in confirmed North Korean attacks.

Other retailers mentioned in the report include a Milan-based modelling agency, as well as an independent bookstore in New Jersey.

All evidence is pointing towards the campaign being active since at least June 2019.