The Forgotten Domain: Exploring A Link Between Magecart Group 5 And The Carbanak APT


#1

The Forgotten Domain: Exploring A Link Between Magecart Group 5 And The Carbanak APT (Oct 22, 2019)

Malwarebytes has previously observed a possible overlap between Magecart Group 4 and the Cobalt gang. They have recently discovered new information identifying past Whois data for domains used by Magecart Group 5. This registrant information also seems to be responsible for domains used in Dridex phishing campaigns. Magecart group 5 is known for targeting and compromising the supply chain used by ecommerce merchants.

Recommendation: Ensure that your company's firewall blocks all entry points for unauthorized users, and maintain records of how normal traffic appears on your network. Therefore, it will be easier to spot unusual traffic and connections to and from your network to potentially identify malicious activity. Furthermore, ensure that your employees are educated about the risks of opening attachments, particularly from unknown senders and any attachment that requests macros be enabled.

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.