ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

APT group: Operation Silent Skimmer

Names: Operation Silent Skimmer (BlackBerry)
Motivation: Financial crime
First seen: 2022
Description: (BlackBerry) BlackBerry has discovered a new campaign we’ve dubbed “Silent Skimmer,” involving a financially motivated threat actor targeting vulnerable online payment businesses in the APAC and NALA regions. The attacker compromises web servers, using vulnerabilities to gain initial access. The final payload deploys payment scraping mechanisms on compromised websites to extract sensitive financial data from users.

The campaign has been active for over a year, and targets diverse industries that host or create payment infrastructure, such as online businesses and Point of Sales (POS) providers. We have uncovered evidence suggesting the threat actor is proficient in the Chinese language, and operates predominantly in the Asia-Pacific (APAC) region.
Observed: Countries: USA and Asia Pacific.
Tools used: BadPotato, Cobalt Strike, GodPotato, Godzilla, JuicyPotato, PowerShell RAT, SharpToken, SweetPotato, Living off the Land.

Last change to this card: 12 October 2023
