The Infinite Brief

Security firm Risk IQ said it has been tracking the Magecart group since 2015. Its latest modus operandi is to use a kind of digital card skimmer, malicious code, which is injected into code from third-party providers in a kind of supply chain attack.

By targeting suppliers in this way, the group can access tens of thousands of victims in one fell swoop. The report claimed that one single campaign hit 100 “top-tier victims” which comprised the e-commerce sites of some of the biggest brands in the world.

The latest findings could point to one of the biggest breach campaigns ever conducted.