Financially Motivated Chinese Threat Actor SilkSpecter Targeting Black Friday Shoppers
Nov. 15, 2024, 9:01 a.m.
Description
A Chinese financially motivated threat actor, dubbed SilkSpecter, has been uncovered targeting e-commerce shoppers in Europe and the USA with a phishing campaign leveraging Black Friday discounts. The actor uses fake discounted products as lures to steal Cardholder Data, Sensitive Authentication Data, and Personally Identifiable Information. SilkSpecter exploits the legitimate payment processor Stripe to complete genuine transactions while covertly exfiltrating sensitive data. The phishing sites use Google Translate to dynamically adjust the language based on the victim's IP location. The campaign is linked to a Chinese SaaS platform, oemapps, which enables the creation of convincing fake e-commerce sites. The phishing domains primarily use the .top, .shop, .store, and .vip TLDs and often typosquat legitimate e-commerce organizations.
Date
Published: Nov. 14, 2024, 7:47 p.m.
Created: Nov. 14, 2024, 7:47 p.m.
Modified: Nov. 15, 2024, 9:01 a.m.
Indicators
Attack Patterns
SilkSpecter
T1043
T1526
T1120
T1185
T1016
T1518
T1082
T1071
T1102
T1040
T1204
T1132
T1033
T1027
T1056
T1566
T1078
T1059
Additional Information
Retail
Finance
United States of America