Report: Hackers used data mining tool, network sniffer to steal Click2Gov information

The malicious actor behind a year-old campaign targeting the web payment portal Click2Gov appears to have been using a malicious webshell, data mining utility program and network sniffer to steal information from users, according to a new report from FireEye researchers.

The researchers note that while the perpetrator’s tools and techniques are “generally consistent with other financially motivated attack groups,” this particular actor has “demonstrated ingenuity in crafting malware exploiting Click2Gov installations, achieving moderate success.”

Originally a product of software company Superion, which was recently acquired by CentralSquare Technologies, Click2Gov is a portal used by government entities to accept payments for permits, licenses, fines and utilities. In October 2017, the company disclosed the discovery of suspicious activity indicative of a breach, and by June 2018 it was widely reported that tens of thousands of local government customers across the country had their information exposed.
