Extensive Web Skimming Operation Compromises Credit Card Data from Major E-Commerce Platforms


Published on: 2026-01-13

AI-powered OSINT brief from verified open sources. Automated NLP signal extraction with human verification. See our Methodology and Why WorldWideWatchers.

Intelligence Report: Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages

1. BLUF (Bottom Line Up Front)

A long-running web skimming campaign has been targeting major payment networks since January 2022, affecting enterprise clients and their customers. The campaign utilizes sophisticated techniques to evade detection and compromise e-commerce sites. This assessment is made with moderate confidence due to the complexity and persistence of the threat.

2. Competing Hypotheses

  • Hypothesis A: The campaign is primarily driven by financially motivated cybercriminal groups seeking to exploit vulnerabilities in e-commerce platforms. This is supported by the targeting of major payment networks and the use of obfuscated JavaScript payloads. However, the exact identity and motivation of the actors remain uncertain.
  • Hypothesis B: The campaign could be a state-sponsored operation aimed at destabilizing economic activities by undermining trust in digital payment systems. This hypothesis is less supported due to the lack of direct evidence linking state actors to the campaign.
  • Assessment: Hypothesis A is currently better supported due to the financial nature of the targets and the techniques used, which are typical of cybercriminal activities. Indicators such as changes in targeting patterns or the emergence of new technical capabilities could shift this judgment.

3. Key Assumptions and Red Flags

  • Assumptions: The campaign is ongoing and has not been fully mitigated; the actors are financially motivated; the techniques used are indicative of cybercriminal rather than state-sponsored activities.
  • Information Gaps: The precise identity of the threat actors; the full scope of affected entities; the potential involvement of state actors.
  • Bias & Deception Risks: Potential bias in attributing the campaign solely to cybercriminals without considering geopolitical motives; possible deception by actors using false flags to mislead attribution efforts.

4. Implications and Strategic Risks

This campaign could undermine trust in digital payment systems, leading to broader economic and security implications. The persistence of such threats may prompt regulatory changes and increased cybersecurity investments.

  • Political / Geopolitical: Potential for increased tensions if state-sponsored involvement is suspected.
  • Security / Counter-Terrorism: Increased demand for cybersecurity measures and potential for collaboration among affected nations.
  • Cyber / Information Space: Highlighting vulnerabilities in e-commerce platforms and the need for enhanced security protocols.
  • Economic / Social: Possible loss of consumer confidence in digital transactions, impacting e-commerce growth.

5. Recommendations and Outlook

  • Immediate Actions (0–30 days): Enhance monitoring of e-commerce platforms, conduct security audits, and share threat intelligence with affected entities.
  • Medium-Term Posture (1–12 months): Develop resilience measures, foster public-private partnerships, and invest in cybersecurity capabilities.
  • Scenario Outlook:
    • Best: Effective mitigation reduces campaign impact, restoring trust in digital payments.
    • Worst: Campaign escalates, causing significant economic disruption and regulatory backlash.
    • Most-Likely: Continued low-level activity with periodic disruptions, prompting gradual improvements in cybersecurity practices.

6. Key Individuals and Entities

  • Silent Push (Cybersecurity Researcher)
  • Stark Industries (Sanctioned Bulletproof Hosting Provider)
  • PQ.Hosting (Parent Company)
  • THE[.]Hosting (Rebranded Entity)
  • WorkTitans B.V. (Dutch Entity)
  • cdn-cookie[.]com (Suspicious Domain)

7. Thematic Tags

cybersecurity, web skimming, e-commerce, financial crime, sanctions evasion, digital payment security, Magecart

Structured Analytic Techniques Applied

  • Adversarial Threat Simulation: Model and simulate actions of cyber adversaries to anticipate vulnerabilities and improve resilience.
  • Indicators Development: Detect and monitor behavioral or technical anomalies across systems for early threat detection.
  • Bayesian Scenario Modeling: Quantify uncertainty and predict cyberattack pathways using probabilistic inference.
  • Network Influence Mapping: Map influence relationships to assess actor impact.

Explore more:
Cybersecurity Briefs ·
Daily Summary ·
Support us

Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages - Image 1
Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages - Image 2
Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages - Image 3
Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages - Image 4
Tags: , , , , , ,