Financially Motivated Chinese Threat Actor SilkSpecter Targeting Black Friday Shoppers
Essential information
- Published: 14/11/2024 19:47
- Modified: 15/11/2024 09:01
- Tags: 2024-11-14 black friday chinese threat actor e-commerce financial fraud google translate oemapps phishing stripe
- Related entities: 13 observables, 1 intrusion set (apt), 18 techniques (mitre), 3 others
Description
A Chinese financially motivated threat actor, dubbed SilkSpecter, has been uncovered targeting e-commerce shoppers in Europe and the USA with a phishing campaign leveraging Black Friday discounts. The actor uses fake discounted products as lures to steal Cardholder Data, Sensitive Authentication Data, and Personally Identifiable Information. SilkSpecter exploits the legitimate payment processor Stripe to complete genuine transactions while covertly exfiltrating sensitive data. The phishing sites use Google Translate to dynamically adjust the language based on the victim's IP location. The campaign is linked to a Chinese SaaS platform, oemapps, which enables the creation of convincing fake e-commerce sites. The phishing domains primarily use .top, .shop, .store, and .vip TLDs, often typosquatting legitimate e-commerce organizations.