Monday, September 12, 2016

Russian Hacker Forums - Skimmer Sales
ATM skimmer sales, on Russian Internet, are happening both on underground forums and stand-alone sites and blogs. These sales are often sophisticated operations involving high quality materials and providing covert international shipping, thus enabling cybercrime around the world. In addition to skimmers, the same actors often sell encoders as well, which are used to create duplicate credit cards. Some of these sales operations have been active for several years and have built a reputation among their customers by receiving positive reviews and providing a security deposit.

Publication date:                          9 September 2016

Handling requirements:                Traffic light protocol (TLP) GREEN

Attribution/Threat Actors:            Criminal; Russian and Russian-speaking

Actor Type:                                   Tier II, III, IV

Potential Targets:                          ATMs (banks and cardholders)

Past Reporting:                              DOC-4097

The full attribution report has been published in its entirety in the Red Sky Alliance portal.  For more information please contact the lab directly at 844-4-WAPACK, 603-606-1246, or

About Wapack Labs

Wapack Labs, located in New Boston, NH is a Cyber Threat Analysis and Intelligence organization supporting the Red Sky Alliance, the FS-ISAC and individual organizations by offering expert level targeted intelligence analysis answering some of the hardest questions in Cyber.  Wapack Labs’ engineers, researchers and analysts use deep analysis techniques and visualization to design and deliver transformational cyber-security analysis tools that fuse open source and proprietary information.  The intelligence derived from these tools and techniques serve as the foundation of Wapack Labs’ information reporting to the cyber-security teams of its customers and industry partners located around the world.