According to reports, Russian hackers have been siphoning off credit card data from visitors of the online storefront belonging to the National Republican Senatorial Committee (NRSC).
A Dutch researcher has discovered that the NRSC was one of nearly 6000 e-commerce websites hacked by the attackers, with the harvested credit card data sent to servers operated by a Russian-language internet service provider located in Belize.
Willem De Groot, co-founder and head of security at byte.nl, a Dutch e-commerce website, discovered the malware planted on the NRSC’s website and revealed that hackers had exploited vulnerabilities and weak passwords to break into e-commerce websites.
The compromised Republican Committee store was fitted with the malware some 6 months ago, along with two web destinations purporting to be legitimate websites. In the ensuing dissection of the malware, they were revealed to be Russian credit card harvesters under the names jquery-cloud.net and jquery-code.su.
De Groot wrote:
As reported by cybersecurity reporter Brian Krebs, De Groot revealed that the hackers “really went out of their way to pick domain names that look legitimate.”
Both of these domain names are hosted by a company called Dataflow, as their nameservers and IP addresses reveal. The company has a Russian-language website, De Groot discovered, and was notably registered in Belize in November 2015.
The address of Dataflow’s registered office shows up in the Panama Papers, and its network is revealed to be relatively small, at just 2 blocks (512 IPs).
De Groot wrote:
The cybersecurity expert estimates, conservatively, that attackers could have stolen data from 21,000 credit cards since March 2016. At a low price of $30 per card on the black market, the cybercriminals could have made, at a minimum, about $600,000 from skimming credit card data from the Republican-centric store.
The researcher has since revealed that administrators for the Republican-centric store have moved to secure the store after his revelations but have not released any official word on the skimming that occurred between March and October.