BlackBerry recently warned organizations of a widespread web skimming campaign that has operated for over a year. The ‘Silent Skimmer’ campaign primarily operated in the East Asia region, but expanded to businesses in Canada and the United States in October 2022.
The threat actor behind the campaign is likely of Chinese origin. The attacker targets industries that host or create payment infrastructure, such as point-of-sale providers and online businesses. The threat actor leverages a .NET vulnerability (CVE-2019-18935) to execute code, gain remote access, and deploy a remote access trojan (RAT) to targeted servers. The RAT enables the threat actor to collect information, transfer files, and navigate the compromised system. The primary goal of the campaign is to deploy a web skimmer on online checkout pages that collects user financial information. Observed attacks appear to be more opportunistic than industry-focused.