Before the Strike — Issue #6

Date: 29 January, 2025

Welcome to the sixth edition of Before the Strike — your early radar for the threats, insights, and intel shaping what’s next.


The Invisible Insider: Using Traffic Origin to Close the Fraud, AML and KYC Gaps in Digital Deception

The security industry is stuck in a reactive loop, asking if an IP is "bad" while adversaries use residential proxies and KVM relays to look perfectly "good." Traditional tools see a domestic IP and a valid document, then look no further.

When these gaps aren't addressed, the fallout is significant; remediation costs for a single "invisible insider" can exceed $3 million USD.

Our latest analysis unmasks the infrastructure used by fraudsters and state actors to spoof their physical presence. Identifying the technical country-of-origin provides the ground truth that document verification and static IP reputation simply can’t match.

🚨 Read more about the invisible insider threat and Traffic Origin: https://www.silentpush.com/blog/the-invisible-insider/


Upcoming Threat Webinar: Last chance to register! 💻

Magecart Unmasked: How One Indicator Unraveled a 4-Year Skimming Network

Our preemptive cyber defense team have successfully uncovered an extensive network of domains associated with an ongoing web-skimmer campaign, known under the umbrella name: “Magecart”.

If your organization relies on web forms, payment portals or online checkout, make sure you register for this session on February 3.

REGISTER HERE!

🌎 1:00pm ET 🌍 3:00pm CET 🌏 10:00am SGT


ALERT: SLSH Malicious "Supergroup" Targeting 100+ Organizations via Live Phishing Panels

We're currently tracking a large-scale phishing campaign that closely aligns with the TTPs recently published by Okta and covered by BleepingComputer. These attacks utilize "Adversary-in-the-Middle" (AiTM) kits that allow threat actors to manipulate a victim's browser session in real time.


‼️ Get in touch with our team to expose threats in the staging phase. We map adversary infrastructure as it’s built, so you can disrupt campaigns weeks before they launch.


The use of persuasive "vishing" and real-time session orchestration is the unmistakable signature of the Scattered Lapsus$ Hunters (SLSH) - a formidable alliance merging the social engineering expertise of Scattered Spider with the high-profile extortion tactics of ShinyHunters.

Using our Indicator of Future Attack (IOFA)™ feeds, we are monitoring new infrastructure as it’s spun up. Companies recently targeted include Atlassian, Epic Games, HubSpot, Canva, Iron Mountain, ZoomInfo, RingCentral, Genesys, AppLovin, Telstra and many more (see full list in comments).

🚨 Full research here: https://www.silentpush.com/blog/slsh-alert/


Silent Push Uncovers New Magecart Network: Disrupting Online Shoppers Worldwide

We've recently uncovered an extensive network of domains associated with a long-term, ongoing web-skimmer campaign, known under the umbrella name: “Magecart.”

Several global payment networks are currently being targeted, including American Express, Diners Club International, Discover, and Mastercard.

The most likely victims of this web-skimming campaign are online shoppers, the e-commerce stores that are compromised, and the payment providers.

👉 If you would like to discuss the research and how it may affect your organization, get in touch with us.

🚨 Full research here: https://www.silentpush.com/blog/magecart/


Neutralize before compromise.

Book a demo of Silent Push today and learn how your team can target the preparation phase and disrupt adversary infrastructure before it becomes an attack.


