Magecart Group 8 has been targeting online retailers since 2016. This distinct skimming group first came to light when RiskIQ, led by researcher Yonathan Klijnsma, analyzed its skimmer in 2017; RiskIQ also exposed the group's attacks on MyPillow and Amerisleep in 2019 and on Nutribullet in February 2020.
The group hasn't fixed what isn't broken and today still uses the same skimmer and many of the same tactics and techniques to steal payment data. When selecting its targets, the group seems to continue to favor the home improvement industry, specifically hardware, real estate services, and interior design and decor.
Supported by our Internet Intelligence Graph, our researchers identify patterns to uncover new threat infrastructure and attacks across the global threat landscape. For Magecart Group 8, its choice of hosting providers shed new light on its skimming activities. RiskIQ researchers identified a pattern in the group's use of the hosting providers Flowspec, JSC TheFirst, and OVH, and in its propensity to transition potentially inactive infrastructure from bulletproof hosting providers to legitimate ones such as Velia.net.
Article Link: Magecart Group 8: Patterns in Hosting Reveal Sustained Attacks on E-Commerce | RiskIQ