Financially Motivated Chinese Threat Actor SilkSpecter Targeting Black Friday Shoppers

Nov. 15, 2024, 9:01 a.m.

Description

A Chinese financially motivated threat actor, dubbed SilkSpecter, has been uncovered targeting e-commerce shoppers in Europe and the USA with a phishing campaign leveraging Black Friday discounts. The actor uses fake discounted products as lures to steal Cardholder Data, Sensitive Authentication Data, and Personally Identifiable Information. SilkSpecter exploits the legitimate payment processor Stripe to complete genuine transactions while covertly exfiltrating sensitive data. The phishing sites use Google Translate to dynamically adjust the language based on the victim's IP location. The campaign is linked to a Chinese SaaS platform, oemapps, which enables the creation of convincing fake e-commerce sites. The phishing domains primarily use .top, .shop, .store, and .vip TLDs, often typosquatting legitimate e-commerce organizations.

Date

Published: Nov. 14, 2024, 7:47 p.m.

Created: Nov. 14, 2024, 7:47 p.m.

Modified: Nov. 15, 2024, 9:01 a.m.

Indicators

Attack Patterns

SilkSpecter

T1043

T1526

T1120

T1185

T1016

T1518

T1082

T1071

T1102

T1040

T1204

T1132

T1033

T1027

T1056

T1566

T1078

T1059

Additional Information

Retail

Finance

United States of America