Now Gemini Advisory specialists have published new reportdedicated to this attack. Experts write that although the hack was discovered in October last year, the actual compromise occurred a month earlier and dates from September 7, 2019. The malicious code was eventually detected in 6,589 Volusion-based stores.
According to analysts, data on stolen cards appeared on sale on the darknet about a month after the hack was discovered, in November 2019. Gemini Advisory estimates that, in total, hackers could get information on nearly 20 million payment cards, although so far experts have tracked only 239,000 Card Not Present (CNP) records in Volusion stores.
According to researchers, in total, this hacking and subsequent sale of information on carats brought attackers about 1,600,000 US dollars.
Let me remind you that specialists Trend micro connect this incident with the well-known hack group FIN6, which is involved in Magecart attacks on large companies such as British Airways and Newegg.