"Ongoing Xurum Attacks Target Magento 2 E-stores"

Researchers at Akamai warn of ongoing attacks, dubbed Xurum, against e-commerce websites using the Magento 2 Content Management System (CMS). Attackers are exploiting a server-side template injection vulnerability, tracked as CVE-2022-24086, with a CVSS score of 9.8 in Adobe Commerce and Magento Open Source. The name Xurum derives from the domain name of the attacker's command-and-control (C2) server. The campaign has been active since at least January 2023, and the threat actors appear to be interested in payment stats for orders placed in the victim's Magento store during the past ten days. Sometimes, the attackers also used a software skimmer to steal credit card information and transmit it to a remote server. The evidence gathered by the researchers suggests that a Russian threat actor is responsible for the attacks. This article continues to discuss findings regarding the ongoing Xurum attacks targeting Magento 2 e-stores.

Security Affairs reports "Ongoing Xurum Attacks Target Magento 2 E-stores"