We have been seeing a lot of hacking attempts since the beginning of this year, and they are still taking place right now. But it must be noted that hacking is not new; it has been going on for decades. It is also worth remembering that just because a hack is not reported or published does not mean that hacking is not going on. Instead, it just means that people are confused and do not want to report incidents because of security and privacy problems.
It is also rare to pinpoint a single hacking group as responsible for hacking multiple clients and entities, but we have one such report. According to this report, the hacking group “Keeper” has been behind attacks on 570 e-commerce portals over the last 3 years. It is also reported that the Keeper gang “broke into online store backends, altered their source code, and inserted malicious scripts that logged payment card details entered by shoppers in checkout forms”. This is how their hacks usually go, but they made a mistake and “accidentally” revealed credit card information from the stores they hacked.
While these types of hacks are known as web skimming, e-skimming or MageCart attacks, it is not common for credit card details to be exposed publicly, so it does seem to have been accidental. The reason Keeper was caught by Gemini Advisory is that they used “same identical control panels for the backend servers where they collected payment card details from hacked stores”. This is a rookie mistake and one that most major hacking groups would avoid. On further investigation, it was revealed that 85% of these e-commerce stores were Magento-based, meaning they found a loophole inside Magento which let them enter the stores with ease without the owner’s knowledge.