The malicious actor behind a year-old campaign targeting the web payment portal Click2Gov appears to have been using a malicious webshell, data mining utility program and network sniffer to steal information from users, according to a new report from FireEye researchers.
The researchers note that while the perpetrator’s tools and techniques are “generally consistent with other financially motivated attack groups,” this particular actor has “demonstrated ingenuity in crafting malware exploiting Click2Gov installations, achieving moderate success.”
Originally a product of software company Superion, which was recently acquired by CentralSquare Technologies, Click2Gov is a portal used by government entities to accept payments for permits, licenses, fines and utilities. In October 2017, the company disclosed the discovery of suspicious activity indicative of a breach, and by June 2018 it was widely reported that tens of thousands of local government customers across the country had their information exposed.